CVE-2025-48964

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-48964
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48964.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-48964
Aliases
  • GHSA-25fr-jw29-74f9
Downstream
Published
2025-07-22T18:15:36Z
Modified
2025-07-25T16:47:14.455906Z
Summary
[none]
Details

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
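The arithmetic behind the description, as an added example that is not iputils code: a zero echoed timestamp makes the computed round-trip time equal to the current wall-clock time in microseconds, and squaring that value exceeds the range of a signed 64-bit integer. The struct, function names and sample values are hypothetical, and the overflow checks use the GCC/Clang `__builtin_*_overflow` builtins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical running RTT statistics (microseconds), not iputils' struct. */
struct rtt_stats {
    int64_t sum;    /* sum of RTT samples */
    int64_t sum2;   /* sum of squared RTT samples */
    long    count;  /* number of accepted samples */
};

/* RTT as a receiver derives it from the timestamp echoed in the payload.
 * A zero echoed timestamp makes the result equal to the current time. */
static int64_t rtt_from_payload(int64_t now_us, int64_t echoed_us)
{
    return now_us - echoed_us;
}

/* Hardened accumulation: reject negative samples and any sample whose square
 * or running sums would overflow int64_t. On rejection the stats are unchanged. */
static bool stats_add_checked(struct rtt_stats *s, int64_t rtt_us)
{
    int64_t sq, sum, sum2;

    if (rtt_us < 0)
        return false;
    if (__builtin_mul_overflow(rtt_us, rtt_us, &sq) ||
        __builtin_add_overflow(s->sum, rtt_us, &sum) ||
        __builtin_add_overflow(s->sum2, sq, &sum2))
        return false;
    s->sum = sum;
    s->sum2 = sum2;
    s->count++;
    return true;
}

int main(void)
{
    /* Constructed value: a wall-clock time in microseconds. */
    const int64_t now_us = 1750000000LL * 1000000LL;
    struct rtt_stats s = {0};

    bool ok_normal = stats_add_checked(&s, rtt_from_payload(now_us, now_us - 12345));
    bool ok_zero = stats_add_checked(&s, rtt_from_payload(now_us, 0));
    printf("normal accepted=%d zero-timestamp accepted=%d count=%ld\n",
           ok_normal, ok_zero, s.count);
    return 0;
}
```

An unchecked `rtt_us * rtt_us` on the second sample would be signed overflow, which is undefined behaviour in C and corrupts the accumulated statistics.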

References

Affected packages

Git / github.com/iputils/iputils

Affected ranges

Type
GIT
Repo
https://github.com/iputils/iputils
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

20210202
20210722
20211215
20221126
20231222
20240117
20240905
meson
remove-old-build-system
s20060425
s20060512
s20070202
s20071127
s20100214
s20100418
s20101006
s20121011
s20121106
s20121112
s20121114
s20121121
s20121125
s20121126
s20121205
s20121207
s20121221
s20140419
s20140420
s20140519
s20150815
s20160308
s20161105
s20180629
s20190324
s20190515
s20190709
s20200821
start