CVE-2025-47268: Integer Overflow or Wraparound in Iputils

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.5% (top 33.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 5; latest update Jul 24

Description

ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Exploitability: 3.9 | Impact: 2.5

Affected Packages (7 packages)

debian: debian/iputils < iputils 3:20250605-1 (forky) +1
NVD: iputils/iputils < 20250602
Alpine: iputils/iputils < 20250602-r0
Debian: iputils/iputils < 3:20250605-1

Patches

🔴 Vulnerability Details (3)

OSV, 2025-07-22: CVE-2025-48964: ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP E…
GHSA, 2025-05-05: GHSA-c2mm-9c32-xc37: ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, bec…
OSV, 2025-05-05: CVE-2025-47268: ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, beca…

📋 Vendor Advisories (7)

Ubuntu, 2025-07-24: iputils vulnerability
Red Hat, 2025-07-22: iputils: iputils integer overflow
Microsoft, 2025-07-08: ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lea…
Microsoft, 2025-05-13: ping in iputils before 20250602 allows a denial of service
Red Hat, 2025-05-05: iputils: Signed Integer Overflow in Timestamp Multiplication in iputils ping
CVE-2025-47268 — Integer Overflow or Wraparound | cvebase