CVE-2025-48964Integer Overflow or Wraparound in Iputils

CWE-190Integer Overflow or Wraparound6 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
IputilsDebian IputilsMsrc Azl3 Iputils 20240117-2 ON Azure Linux 3.0+2 more
Timeline
PublishedJul 22
Latest updateJul 24

Description

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timesta

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages5 packages

Alpineiputils/iputils< 20250602-r0

🔴Vulnerability Details

1
OSV
CVE-2025-48964: ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP E2025-07-22

📋Vendor Advisories

4
Ubuntu
iputils vulnerability2025-07-24
Red Hat
iputils: iputils integer overflow2025-07-22
Microsoft
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lea2025-07-08
Debian
CVE-2025-48964: iputils - ping in iputils before 20250602 allows a denial of service (application error in...2025
CVE-2025-48964 — Integer Overflow or Wraparound | cvebase