8000 update: iputils · Issue #1766 · flatcar/Flatcar · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
update: iputils #1766
New issue
New issue
Open
Open
update: iputils#1766
Labels
advisorysecurity advisorycvss/MEDIUM>= 4 && < 7 assessed CVSSsecuritysecurity concerns
@dongsupark

Description

@dongsupark
dongsupark
opened on Jun 3, 2025

Name: iputils
CVEs: CVE-2025-47268, CVE-2025-48964
CVSSs: 6.5, n/a
Action Needed: update to >= 20250602

Summary:

  • CVE-2025-47268: ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.
  • CVE-2025-48964: An integer overflow exists in ping that still works even after the CVE-2025-47268 patch. Basically if you send ping replies with zero timestamps, it causes massive numbers that overflow when squared in the statistics calculations. The CVE-2025-47268 fix doesn't catch this because the individual timestamp parts look valid, but the combined value is huge.

refmap.gentoo: TBD

Metadata

Metadata

Assignees

No one assigned

    Labels

    advisorysecurity advisorycvss/MEDIUM>= 4 && < 7 assessed CVSSsecuritysecurity concerns

    Type

    No type

    Projects

    Flatcar tactical, release planning, and roadmap

    Status

    🪵Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0