CVE-2025-48964

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-48964
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48964.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-48964
Aliases
  • GHSA-25fr-jw29-74f9
Downstream
Related
Published
2025-07-22T18:15:36Z
Modified
2025-10-18T06:47:00.336625Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

References

Affected packages

Git / github.com/iputils/iputils

Affected ranges

Type
GIT
Repo
https://github.com/iputils/iputils
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
23b06385444fba29c898370ae6f297e41c11667b
Fixed
afa36390394a6e0cceba03b52b59b6d41710608c

Affected versions

Other

20210202
20210722
20211215
20221126
20231222
20240117
20240905
meson
remove-old-build-system
s20060425
s20060512
s20070202
s20071127
s20100214
s20100418
s20101006
s20121011
s20121106
s20121112
s20121114
s20121121
s20121125
s20121126
s20121205
s20121207
s20121221
s20140419
s20140420
s20140519
s20150815
s20160308
s20161105
s20180629
s20190324
s20190515
s20190709
s20200821
start

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 833.0,
            "function_hash": "105800759686091478616109654108315309418"
        },
        "signature_type": "Function",
        "target": {
            "function": "status",
            "file": "ping/ping_common.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c",
        "id": "CVE-2025-48964-0c05cc6c"
    },
    {
        "digest": {
            "length": 3933.0,
            "function_hash": "182369497541208949835654161418634595855"
        },
        "signature_type": "Function",
        "target": {
            "function": "gather_statistics",
            "file": "ping/ping_common.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c",
        "id": "CVE-2025-48964-244608f2"
    },
    {
        "digest": {
            "length": 2381.0,
            "function_hash": "320744615718063868566799818644641732743"
        },
        "signature_type": "Function",
        "target": {
            "function": "finish",
            "file": "ping/ping_common.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c",
        "id": "CVE-2025-48964-98735526"
    },
    {
        "digest": {
            "length": 295.0,
            "function_hash": "248644319895647912990678951575326585785"
        },
        "signature_type": "Function",
        "target": {
            "function": "update_interval",
            "file": "ping/ping_common.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c",
        "id": "CVE-2025-48964-be293a74"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "184244054427350677747505818593335869457",
                "79864056242559352940177094044847432904",
                "281112926037385653755583731290289387881",
                "14378619380022651259894420556666271008"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "ping/ping.h"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c",
        "id": "CVE-2025-48964-dc58d12c"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "172667537343146237084421659125579529306",
                "263864512992887303460567478434021495081",
                "128349263759841004618263781749458859886",
                "177713245018295066211307247864765100649",
                "252861672801800511137120927670263489188",
                "71860858544167501117536858718771017896",
                "274751373014095972239683953090511380240",
                "302129665924753023279493093151396176024",
                "114870192407911933918802621422706357136",
                "18976050152437949294195938989840790933",
                "74814264016706226533781185928517186157",
                "6966166561717910608644556984234812578",
                "286607477162037183782043205801468994832",
                "135290569510039796102923371126699871500",
                "312789501723618544070369177200734121125",
                "36935260760085448129949232389171640331"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "ping/ping_common.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c",
        "id": "CVE-2025-48964-e8e1e234"
    }
]