Vulnerability Description
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Libopts | <= 27.6 |
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=shariExploit
- https://github.com/appneta/tcpreplay/issues/957ExploitIssue TrackingVendor Advisory
- https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.319242Permissions RequiredVDB Entry
- https://vuldb.com/?id.319242Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.623632ExploitThird Party AdvisoryVDB Entry
- https://www.gnu.org/Product
- https://github.com/appneta/tcpreplay/issues/957ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2025-8746?
CVE-2025-8746 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required...
How severe is CVE-2025-8746?
CVE-2025-8746 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8746?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Libopts.