OESA-2025-2157
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2157
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2157.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-2157
- Upstream
- Published
- 2025-09-05T12:42:51Z
- Modified
- 2025-09-05T13:03:34.737128Z
- Summary
- iputils security update
- Details
-
The iputils package contains basic utilities for monitoring a network, including ping. The ping command sends a series of ICMP protocol ECHO_REQUEST packets to a specified network host to discover whether the target machine is alive and receiving network traffic.
Security Fix(es):
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).(CVE-2025-48964)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:24.03-LTS-SP2 / iputils
Package
- Name
- iputils
- Purl
- pkg:rpm/openEuler/iputils&distro=openEuler-24.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20221126-8.oe2403sp2
Ecosystem specific
{
"aarch64": [
"iputils-20221126-8.oe2403sp2.aarch64.rpm",
"iputils-debuginfo-20221126-8.oe2403sp2.aarch64.rpm",
"iputils-debugsource-20221126-8.oe2403sp2.aarch64.rpm"
],
"src": [
"iputils-20221126-8.oe2403sp2.src.rpm"
],
"noarch": [
"iputils-help-20221126-8.oe2403sp2.noarch.rpm"
],
"x86_64": [
"iputils-20221126-8.oe2403sp2.x86_64.rpm",
"iputils-debuginfo-20221126-8.oe2403sp2.x86_64.rpm",
"iputils-debugsource-20221126-8.oe2403sp2.x86_64.rpm"
]
}