216.73.216.170

CVE-2025-48964

· Published 22/07/2025 18:15 · Modified 23/07/2025 15:15

Labels: CVE-2025-48964 2025-07-22CVE-2025-48964CWE-190[email protected]

Essential information

Published
22/07/2025 18:15
Modified
23/07/2025 15:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS metrics

Description

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
netinet / iputils cpe:2.3:a:netinet:iputils:*:*:*:*:*:*:*:*

References