CVE-2025-48964

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

References

Affected packages

Git / github.com/iputils/iputils

Affected ranges

Type: GIT
Repo: https://github.com/iputils/iputils
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

23b06385444fba29c898370ae6f297e41c11667b

Fixed

afa36390394a6e0cceba03b52b59b6d41710608c

Affected versions

Other

20210202

20210722

20211215

20221126

20231222

20240117

20240905

meson

remove-old-build-system

s20060425

s20060512

s20070202

s20071127

s20100214

s20100418

s20101006

s20121011

s20121106

s20121112

s20121114

s20121121

s20121125

s20121126

s20121205

s20121207

s20121221

s20140419

s20140420

s20140519

s20150815

s20160308

s20161105

s20180629

s20190324

s20190515

s20190709

s20200821

start

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2025-48964-0c05cc6c",
            "signature_type": "Function",
            "digest": {
                "function_hash": "105800759686091478616109654108315309418",
                "length": 833.0
            },
            "target": {
                "file": "ping/ping_common.c",
                "function": "status"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        },
        {
            "id": "CVE-2025-48964-244608f2",
            "signature_type": "Function",
            "digest": {
                "function_hash": "182369497541208949835654161418634595855",
                "length": 3933.0
            },
            "target": {
                "file": "ping/ping_common.c",
                "function": "gather_statistics"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        },
        {
            "id": "CVE-2025-48964-98735526",
            "signature_type": "Function",
            "digest": {
                "function_hash": "320744615718063868566799818644641732743",
                "length": 2381.0
            },
            "target": {
                "file": "ping/ping_common.c",
                "function": "finish"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        },
        {
            "id": "CVE-2025-48964-be293a74",
            "signature_type": "Function",
            "digest": {
                "function_hash": "248644319895647912990678951575326585785",
                "length": 295.0
            },
            "target": {
                "file": "ping/ping_common.c",
                "function": "update_interval"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        },
        {
            "id": "CVE-2025-48964-dc58d12c",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "184244054427350677747505818593335869457",
                    "79864056242559352940177094044847432904",
                    "281112926037385653755583731290289387881",
                    "14378619380022651259894420556666271008"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "ping/ping.h"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        },
        {
            "id": "CVE-2025-48964-e8e1e234",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "172667537343146237084421659125579529306",
                    "263864512992887303460567478434021495081",
                    "128349263759841004618263781749458859886",
                    "177713245018295066211307247864765100649",
                    "252861672801800511137120927670263489188",
                    "71860858544167501117536858718771017896",
                    "274751373014095972239683953090511380240",
                    "302129665924753023279493093151396176024",
                    "114870192407911933918802621422706357136",
                    "18976050152437949294195938989840790933",
                    "74814264016706226533781185928517186157",
                    "6966166561717910608644556984234812578",
                    "286607477162037183782043205801468994832",
                    "135290569510039796102923371126699871500",
                    "312789501723618544070369177200734121125",
                    "36935260760085448129949232389171640331"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "ping/ping_common.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        }
    ]
}