CVE-2025-48964

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1243772
https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c
https://github.com/iputils/iputils/issues
https://github.com/iputils/iputils/releases/tag/20250602
https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9

Configurations

No configuration.

History

No history.

Information

Published : 2025-07-22 18:15

Updated : 2025-08-26 19:15

NVD link : CVE-2025-48964

Mitre link : CVE-2025-48964

CVE.ORG link : CVE-2025-48964

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2025-48964", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-07-22T18:15:36.020", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1243772", "source": "[email protected]"}, {"url": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c", "source": "[email protected]"}, {"url": "https://github.com/iputils/iputils/issues", "source": "[email protected]"}, {"url": "https://github.com/iputils/iputils/releases/tag/20250602", "source": "[email protected]"}, {"url": "https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero)."}, {"lang": "es", "value": "El ping en iputils hasta la versi\u00f3n 20240905 permite una denegaci\u00f3n de servicio (error de aplicaci\u00f3n en modo ping adaptativo o recopilaci\u00f3n incorrecta de datos) mediante un paquete de respuesta de eco ICMP manipulado, ya que una marca de tiempo cero puede generar valores intermedios grandes que presentan un desbordamiento de enteros al elevarlos al cuadrado durante los c\u00e1lculos estad\u00edsticos. NOTA: Este problema existe debido a una correcci\u00f3n incompleta para CVE-2025-47268 (dicha correcci\u00f3n solo afectaba a los c\u00e1lculos de marca de tiempo y no contemplaba un escenario espec\u00edfico donde la marca de tiempo original en la payload ICMP es cero)."}], "lastModified": "2025-08-26T19:15:41.143", "sourceIdentifier": "[email protected]"}