UBUNTU-CVE-2025-9386

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-9386

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9386.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-9386

Upstream

CVE-2025-9386

Published

2025-08-24T11:15:00Z

Modified

2026-01-20T19:38:29.627133Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - low

Summary

[none]

Details

A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function getl2lenprotocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.

References

Affected packages

Ubuntu:25.10

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.5.2-1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.1-1

4.5.2-1

Ecosystem specific

{
    "priority_reason": "CLI tool crash only",
    "binaries": [
        {
            "binary_version": "4.5.2-1",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9386.json"

Ubuntu:Pro:16.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@3.4.4-2+deb8u1ubuntu0.1~esm3?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.4-2

3.4.4-2+deb8u1build0.16.04.1

3.4.4-2+deb8u1ubuntu0.1~esm1

3.4.4-2+deb8u1ubuntu0.1~esm2

3.4.4-2+deb8u1ubuntu0.1~esm3

Ecosystem specific

{
    "priority_reason": "CLI tool crash only",
    "binaries": [
        {
            "binary_version": "3.4.4-2+deb8u1ubuntu0.1~esm3",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9386.json"

Ubuntu:Pro:18.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.2.6-1ubuntu0.1~esm5?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.6-1

4.2.6-1ubuntu0.1~esm1

4.2.6-1ubuntu0.1~esm2

4.2.6-1ubuntu0.1~esm3

4.2.6-1ubuntu0.1~esm4

4.2.6-1ubuntu0.1~esm5

Ecosystem specific

{
    "priority_reason": "CLI tool crash only",
    "binaries": [
        {
            "binary_version": "4.2.6-1ubuntu0.1~esm5",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9386.json"

Ubuntu:Pro:20.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.3.2-1ubuntu0.1~esm3?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.2-1build1

4.3.2-1ubuntu0.1~esm1

4.3.2-1ubuntu0.1~esm2

4.3.2-1ubuntu0.1~esm3

Ecosystem specific

{
    "priority_reason": "CLI tool crash only",
    "binaries": [
        {
            "binary_version": "4.3.2-1ubuntu0.1~esm3",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9386.json"

Ubuntu:Pro:22.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.3.4-1ubuntu0.1~esm2?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.3-2

4.3.4-1

4.3.4-1ubuntu0.1~esm1

4.3.4-1ubuntu0.1~esm2

Ecosystem specific

{
    "priority_reason": "CLI tool crash only",
    "binaries": [
        {
            "binary_version": "4.3.4-1ubuntu0.1~esm2",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9386.json"

Ubuntu:Pro:24.04:LTS

tcpreplay

Package

Name: tcpreplay
Purl: pkg:deb/ubuntu/tcpreplay@4.4.4-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.3-1

4.4.4-1

4.4.4-1build1

4.4.4-1build2

4.4.4-1ubuntu0.1~esm1

Ecosystem specific

{
    "priority_reason": "CLI tool crash only",
    "binaries": [
        {
            "binary_version": "4.4.4-1ubuntu0.1~esm1",
            "binary_name": "tcpreplay"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9386.json"