CVE-2026-29976
Buffer Overflow in ZerBea hcxpcapngtool Exposes Sensitive Data
Publication date: 2026-03-26
Last updated on: 2026-04-02
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zerbea | hcxtools | 7.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29976 is a buffer overflow vulnerability in the function getradiotapfield within the hcxpcapngtool utility (version 7.0.1-43-g2ee308e) of the hcxtools project.
The issue occurs when the tool processes a specially crafted input file, such as a malicious .pcap file, causing an internal index to exceed valid bounds. This leads to an out-of-bounds read (buffer overflow) in memory.
This overflow triggers a program crash, resulting in a denial of service (DoS). It is currently unknown if the vulnerability can be exploited for arbitrary code execution or unauthorized data access, but there is a possibility of reading unauthorized data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e is a buffer overflow that leads to a denial of service (DoS) via a crash when processing malicious input. It is currently unknown if this vulnerability can be exploited to access unauthorized data or execute arbitrary code.
Because there is no confirmed unauthorized data access or data breach resulting from this vulnerability, its direct impact on compliance with standards like GDPR or HIPAA, which focus on protecting sensitive data, is unclear.
However, if exploitation were to lead to unauthorized data exposure, it could potentially affect compliance with such regulations. As it stands, the primary impact is denial of service, which may affect availability but not necessarily confidentiality or integrity of data.
How can this vulnerability impact me? :
This vulnerability can cause the hcxpcapngtool program to crash when processing maliciously crafted input files, resulting in a denial of service (DoS).
There is also a potential risk that an attacker could read unauthorized sensitive information due to the out-of-bounds memory access, although exploitation for arbitrary code execution or data theft is currently unknown.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by processing specially crafted input files, such as malicious .pcap files, with the hcxpcapngtool utility version 7.0.1-43-g2ee308e.
Detection can involve attempting to process suspicious or untrusted .pcap files with the vulnerable version of hcxpcapngtool and monitoring for crashes or denial-of-service behavior.
A possible command to test detection could be:
- Run `hcxpcapngtool` on a suspect .pcap file: `./hcxpcapngtool suspicious_capture.pcap` and observe if the tool crashes or exhibits abnormal behavior.
Additionally, using debugging tools like AddressSanitizer or running the tool under a debugger may help identify the buffer overflow triggered by crafted inputs.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of hcxpcapngtool version 7.0.1-43-g2ee308e on untrusted or potentially malicious .pcap files.
If processing such files is necessary, consider upgrading to a patched or newer version of hcxtools/hcxpcapngtool once available.
As a temporary measure, restrict access to the tool and validate input files before processing to reduce the risk of triggering the buffer overflow.