CVE-2025-9384: 
NixOS vulnerability analysis and mitigation

A vulnerability (CVE-2025-9384) was discovered in appneta tcpreplay versions up to 4.5.1, specifically affecting the tcpeditpostargs function in /src/tcpedit/parse_args.c. The vulnerability was disclosed on August 24, 2025, and involves a null pointer dereference that can be triggered through local access. The affected software, tcpreplay, is a packet replay and editing tool used for testing and security analysis (NVD, Debian Tracker).

The vulnerability is classified as a null pointer dereference (CWE-476) and improper resource shutdown or release (CWE-404). The issue occurs in the port mapping parameter parsing logic within the parse_portmap function, specifically when processing malformed port mapping arguments. The vulnerability has received a CVSS v4.0 base score of 4.8 (Medium) with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N, and a CVSS v3.1 base score of 3.3 (Low) (GitHub Issue).

The vulnerability results in a segmentation fault when the strtol function attempts to process a null pointer, causing immediate program termination. While the impact is primarily limited to availability through program crashes, the vulnerability requires local access and low privileges to exploit, limiting its potential severity (GitHub Issue).

The recommended mitigation is to upgrade to tcpreplay version 4.5.2-beta2, which has addressed this vulnerability. The vendor has confirmed that the issue is not reproducible in the newer version. For systems unable to upgrade immediately, limiting local access to the tcpreplay utility can help reduce the risk (NVD).