CVE-2026-13587
Received Received - Intake

Heap-based Buffer Overflow in PcapPlusPlus LightPcapNg Parser

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: VulDB

Description
A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-29
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-13587
EUVD
EUVD-2026-40134

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
seladb pcapplusplus 25.05

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow found in the LightPcapNg parser component of seladb PcapPlusPlus version 25.05. Specifically, it occurs in the function parse_by_block_type within the file light_pcapng.c. The issue arises when the argument captured_packet_length is manipulated, leading to an overflow during a memcpy operation because the length value is not properly validated. This can be triggered remotely by an attacker providing a malicious packet length.

The vulnerability was discovered through fuzz testing using AddressSanitizer, which showed that the allocated heap buffer was smaller than the requested copy length, causing the overflow. The exploit has been made public and can be used, although the attack complexity is high and exploitability is difficult.

Impact Analysis

This vulnerability can lead to a heap-buffer-overflow condition that may cause information disclosure or denial of service when processing malicious packets. An attacker could exploit this remotely by sending crafted packets with manipulated lengths, potentially causing the affected application to crash or leak sensitive information.

Detection Guidance

The vulnerability in PcapPlusPlus 25.05's LightPcapNg parser can be detected by using fuzz testing tools such as AddressSanitizer, which revealed the heap-buffer-overflow during testing. Specifically, the issue occurs in the parse_by_block_type() function when processing malicious packet lengths.

To detect exploitation attempts or presence of this vulnerability, you can monitor for crashes or abnormal behavior in applications using PcapPlusPlus when processing pcapng files.

While no direct detection commands are provided, you can use tools like AddressSanitizer with fuzzers (e.g., FuzzTargetNg) on your PcapPlusPlus-based applications to identify the vulnerability.

Mitigation Strategies

Immediate mitigation steps include avoiding processing untrusted or malicious pcapng files with the vulnerable version (25.05) of PcapPlusPlus.

If possible, update or patch the PcapPlusPlus library to a version where this vulnerability is fixed.

Additionally, consider running applications that use PcapPlusPlus with memory protection tools such as AddressSanitizer to detect and prevent exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13587. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart