2 files changed, 39 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch
new file mode 100644
index 0000000000..a1c19d6f07
--- /dev/null
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch
@@ -0,0 +1,38 @@
+From 5c12534cdb3c360fb8ec1a8d83ec64449bc9e41d Mon Sep 17 00:00:00 2001
+From: Jackson <jacksonj2@kpit.com>
+Date: Mon, 12 Jan 2026 00:32:07 +0530
+Subject: [PATCH] CVE-2025-9384: Bug #894 stop on --portmap syntax error
+src/tcprewrite -r 1:2 -i ping.pcap -c ping.cache -o out.pcap
+src/tcprewrite -r 1-:2 -i ping.pcap -c ping.cache -o out.pcap
+Fatal Error in ../../src/tcprewrite.c:main() line 86:
+Unable to parse args: From ../../../src/tcpedit/parse_args.c:tcpedit_post_args() line 189:
+Unable to parse --portmap=1-:2
+CVE: CVE-2025-9384
+Upstream-Status: Backport [https://github.com/appneta/tcpreplay/pull/946/commits/f6e6ee460ad9fe01e24a1579166b3f7a8c2158a7]
+Comment: Patch refreshed
+Signed-off-by: Jackson <jacksonj2@kpit.com>
+---
+ src/tcpedit/portmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/tcpedit/portmap.c b/src/tcpedit/portmap.c
+index 5fe1779..1e54728 100644
+--- a/src/tcpedit/portmap.c
+++ b/src/tcpedit/portmap.c
+@@ -104,7 +104,7 @@ ports2PORT(char *ports)
+         from_begin = strtok_r(from_s, "-", &token2);
+         from_end = strtok_r(NULL, "-", &token2);
+         long from_b = strtol(from_begin, &badchar, 10);
+-        if (strlen(badchar) != 0) {
+        if (!from_begin || !from_end || strlen(badchar) != 0) {
+             free(portmap);
+             return NULL;
+         }
+-- 
+2.34.1
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
index 29207bc89f..9e6a3301d2 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcprepl
           file://CVE-2023-43279.patch \
           file://CVE-2025-9157.patch \
           file://CVE-2025-51006.patch \
+           file://CVE-2025-9384.patch \
 "
 SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"

diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch new file mode 100644 index 0000000000..a1c19d6f07 --- /dev/null +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch
@@ -0,0 +1,38 @@
		1	From 5c12534cdb3c360fb8ec1a8d83ec64449bc9e41d Mon Sep 17 00:00:00 2001
		2	From: Jackson <jacksonj2@kpit.com>
		3	Date: Mon, 12 Jan 2026 00:32:07 +0530
		4	Subject: [PATCH] CVE-2025-9384: Bug #894 stop on --portmap syntax error
		5
		6	src/tcprewrite -r 1:2 -i ping.pcap -c ping.cache -o out.pcap
		7	src/tcprewrite -r 1-:2 -i ping.pcap -c ping.cache -o out.pcap
		8
		9	Fatal Error in ../../src/tcprewrite.c:main() line 86:
		10	Unable to parse args: From ../../../src/tcpedit/parse_args.c:tcpedit_post_args() line 189:
		11	Unable to parse --portmap=1-:2
		12
		13	CVE: CVE-2025-9384
		14
		15	Upstream-Status: Backport [https://github.com/appneta/tcpreplay/pull/946/commits/f6e6ee460ad9fe01e24a1579166b3f7a8c2158a7]
		16	Comment: Patch refreshed
		17
		18	Signed-off-by: Jackson <jacksonj2@kpit.com>
		19	---
		20	src/tcpedit/portmap.c \| 2 +-
		21	1 file changed, 1 insertion(+), 1 deletion(-)
		22
		23	diff --git a/src/tcpedit/portmap.c b/src/tcpedit/portmap.c
		24	index 5fe1779..1e54728 100644
		25	--- a/src/tcpedit/portmap.c
		26	+++ b/src/tcpedit/portmap.c
		27	@@ -104,7 +104,7 @@ ports2PORT(char *ports)
		28	from_begin = strtok_r(from_s, "-", &token2);
		29	from_end = strtok_r(NULL, "-", &token2);
		30	long from_b = strtol(from_begin, &badchar, 10);
		31	- if (strlen(badchar) != 0) {
		32	+ if (!from_begin \|\| !from_end \|\| strlen(badchar) != 0) {
		33	free(portmap);
		34	return NULL;
		35	}
		36	--
		37	2.34.1
		38


diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb index 29207bc89f..9e6a3301d2 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcprepl
15	file://CVE-2023-43279.patch \	15	file://CVE-2023-43279.patch \
16	file://CVE-2025-9157.patch \	16	file://CVE-2025-9157.patch \
17	file://CVE-2025-51006.patch \	17	file://CVE-2025-51006.patch \
		18	file://CVE-2025-9384.patch \
18	"	19	"
19		20
20	SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"	21	SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"