CVE-2026-25061
Unknown Unknown - Not Provided

Off-by-One Buffer Overflow in tcpflow wifipcap Causes DoS

Vulnerability report for CVE-2026-25061, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-29

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the likely impact; code execution is potential, but still up in the air. The affected structure is stack-allocated in `handle_beacon()` and related handlers. As of time of publication, no known patches are available.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-29
Last Modified
2026-02-25
Generated
2026-07-06
AI Q&A
2026-01-30
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
digitalcorpora tcpflow to 1.6.1 (inc)
debian debian_linux 11.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in wifipcap versions up to 1.61, where the software incorrectly performs a length check on the wrong field when parsing the TIM element of 802.11 management frames. A specially crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past the buffer tim.bitmap[251], leading to a small buffer overflow on the stack.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) due to the out-of-bounds write. While code execution is theoretically possible, it is uncertain. The overflow is small and affects a stack-allocated structure, which may cause the application to crash or behave unexpectedly.

Mitigation Strategies

As of the time of publication, no known patches are available. Immediate mitigation steps are not specified in the provided information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25061. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart