Search criteria
3 vulnerabilities found for libopts by GNU
FKIE_CVE-2025-8746
Vulnerability from fkie_nvd - Published: 2025-08-09 06:15 - Updated: 2025-09-16 15:36
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing | Exploit | |
| cna@vuldb.com | https://github.com/appneta/tcpreplay/issues/957 | Exploit, Issue Tracking, Vendor Advisory | |
| cna@vuldb.com | https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393 | Exploit, Issue Tracking, Vendor Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319242 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319242 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.623632 | Exploit, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.gnu.org/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/appneta/tcpreplay/issues/957 | Exploit, Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libopts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "024E73A1-1AC2-4006-AD40-30D86CA7F4A6",
"versionEndIncluding": "27.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en GNU libopts hasta la versi\u00f3n 27.6. La funci\u00f3n __strstr_sse2 se ve afectada. La manipulaci\u00f3n provoca corrupci\u00f3n de memoria. Se requiere acceso local para abordar este ataque. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este problema se inform\u00f3 inicialmente al proyecto tcpreplay, pero el responsable del c\u00f3digo explica que este \"error parece estar en libopts, que es una librer\u00eda externa\". Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante."
}
],
"id": "CVE-2025-8746",
"lastModified": "2025-09-16T15:36:22.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-09T06:15:35.580",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319242"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319242"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.623632"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.gnu.org/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-8746 (GCVE-0-2025-8746)
Vulnerability from cvelistv5 – Published: 2025-08-09 06:02 – Updated: 2025-08-11 17:56
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
nipc-cxd (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8746",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T17:54:28.716974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T17:56:50.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libopts",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "27.0"
},
{
"status": "affected",
"version": "27.1"
},
{
"status": "affected",
"version": "27.2"
},
{
"status": "affected",
"version": "27.3"
},
{
"status": "affected",
"version": "27.4"
},
{
"status": "affected",
"version": "27.5"
},
{
"status": "affected",
"version": "27.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nipc-cxd (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GNU libopts bis 27.6 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion __strstr_sse2. Dank der Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T06:02:07.329Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319242 | GNU libopts __strstr_sse2 memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319242"
},
{
"name": "VDB-319242 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319242"
},
{
"name": "Submit #623632 | tcpreplay tcpliveplay tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Segmentation Fault",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623632"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T11:19:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU libopts __strstr_sse2 memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8746",
"datePublished": "2025-08-09T06:02:07.329Z",
"dateReserved": "2025-08-08T09:14:11.987Z",
"dateUpdated": "2025-08-11T17:56:50.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8746 (GCVE-0-2025-8746)
Vulnerability from nvd – Published: 2025-08-09 06:02 – Updated: 2025-08-11 17:56
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
nipc-cxd (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8746",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T17:54:28.716974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T17:56:50.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libopts",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "27.0"
},
{
"status": "affected",
"version": "27.1"
},
{
"status": "affected",
"version": "27.2"
},
{
"status": "affected",
"version": "27.3"
},
{
"status": "affected",
"version": "27.4"
},
{
"status": "affected",
"version": "27.5"
},
{
"status": "affected",
"version": "27.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nipc-cxd (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GNU libopts bis 27.6 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion __strstr_sse2. Dank der Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T06:02:07.329Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319242 | GNU libopts __strstr_sse2 memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319242"
},
{
"name": "VDB-319242 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319242"
},
{
"name": "Submit #623632 | tcpreplay tcpliveplay tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Segmentation Fault",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623632"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T11:19:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU libopts __strstr_sse2 memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8746",
"datePublished": "2025-08-09T06:02:07.329Z",
"dateReserved": "2025-08-08T09:14:11.987Z",
"dateUpdated": "2025-08-11T17:56:50.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}