CVE-2026-25061
Unknown Unknown - Not Provided
Off-by-One Buffer Overflow in tcpflow wifipcap Causes DoS

Publication date: 2026-01-29

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the likely impact; code execution is potential, but still up in the air. The affected structure is stack-allocated in `handle_beacon()` and related handlers. As of time of publication, no known patches are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25061
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
digitalcorpora tcpflow to 1.6.1 (inc)
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in wifipcap versions up to 1.61, where the software incorrectly performs a length check on the wrong field when parsing the TIM element of 802.11 management frames. A specially crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past the buffer tim.bitmap[251], leading to a small buffer overflow on the stack.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) due to the out-of-bounds write. While code execution is theoretically possible, it is uncertain. The overflow is small and affects a stack-allocated structure, which may cause the application to crash or behave unexpectedly.

Mitigation Strategies

As of the time of publication, no known patches are available. Immediate mitigation steps are not specified in the provided information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25061. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart