CVE-2025-48964

Name
CVE-2025-48964
Description
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
NVD Severity
unknown

References

| Type | URI |
|---|---|
| cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1243772 |
| cve@mitre.org | https://github.com/iputils/iputils/issues |
| cve@mitre.org | https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9 |
| cve@mitre.org | https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c |
| cve@mitre.org | https://github.com/iputils/iputils/releases/tag/20250602 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | iputils | >= 0 | < 20250602 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| iputils | edge-main | 20250602-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| iputils | edge-main | 20240905-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| iputils | 3.22-main | 20240905-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| iputils | 3.21-main | 20240905-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| iputils | 3.20-main | 20240117-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| iputils | 3.19-main | 20221126-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |