CVE-2025-48964

{"id": "CVE-2025-48964", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-07-22T18:15:36.020", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1243772", "source": "cve@mitre.org"}, {"url": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c", "source": "cve@mitre.org"}, {"url": "https://github.com/iputils/iputils/issues", "source": "cve@mitre.org"}, {"url": "https://github.com/iputils/iputils/releases/tag/20250602", "source": "cve@mitre.org"}, {"url": "https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero)."}, {"lang": "es", "value": "El ping en iputils hasta la versi\u00f3n 20240905 permite una denegaci\u00f3n de servicio (error de aplicaci\u00f3n en modo ping adaptativo o recopilaci\u00f3n incorrecta de datos) mediante un paquete de respuesta de eco ICMP manipulado, ya que una marca de tiempo cero puede generar valores intermedios grandes que presentan un desbordamiento de enteros al elevarlos al cuadrado durante los c\u00e1lculos estad\u00edsticos. NOTA: Este problema existe debido a una correcci\u00f3n incompleta para CVE-2025-47268 (dicha correcci\u00f3n solo afectaba a los c\u00e1lculos de marca de tiempo y no contemplaba un escenario espec\u00edfico donde la marca de tiempo original en la payload ICMP es cero)."}], "lastModified": "2025-07-25T15:29:44.523", "sourceIdentifier": "cve@mitre.org"}