CVE-2025-9385: 
NixOS vulnerability analysis and mitigation

A use-after-free vulnerability has been discovered in appneta tcpreplay versions up to 4.5.1. The vulnerability exists in the fixipv6checksums function within the edit_packet.c file of the tcprewrite component. The issue was discovered on August 24, 2025, and affects the IPv6 packet checksum recalculation functionality (VulDB, GitHub Issue).

The vulnerability occurs when the fixipv6checksums function attempts to access packet memory that has been reallocated by the untruncpacket function, but continues to use the original, now-freed memory pointer for IPv6 header processing. The vulnerability is triggered during packet editing operations at tcpedit.c:342, where untruncpacket is called at edit_packet.c:562, using realloc to resize the packet buffer. This leads to a READ operation on freed memory, causing program termination with SIGABRT. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (GitHub Issue).

The vulnerability can lead to heap use-after-free memory access, potentially causing program crashes and denial of service. The attack is restricted to local execution, affecting the integrity of IPv6 packet processing where checksum recalculation is required during packet modification operations (VulDB).

Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component to the patched version (VulDB).