CVE-2025-48964
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-08-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iputils | ping | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ping utility of iputils through version 20240905. It allows a denial of service caused by an application error in adaptive ping mode or incorrect data collection. The issue arises when a crafted ICMP Echo Reply packet contains a zero timestamp, which leads to large intermediate values that cause an integer overflow during statistics calculations. This problem is due to an incomplete fix for a previous vulnerability (CVE-2025-47268) that did not handle the case where the original timestamp in the ICMP payload is zero.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service (DoS) by crashing or causing errors in the ping application when it processes specially crafted ICMP Echo Reply packets. This can disrupt network diagnostics or monitoring that rely on ping, potentially affecting system availability or network troubleshooting.