ALPINE-CVE-2025-48964

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2025-48964

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-48964.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2025-48964

Upstream

CVE-2025-48964

Published

2025-07-22T18:15:36.020Z

Modified

2025-12-03T23:03:45.923286Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

References

https://security.alpinelinux.org/vuln/CVE-2025-48964

Affected packages

Alpine:v3.23 / iputils

Package

Name: iputils
Purl: pkg:apk/alpine/iputils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20250602-r0

Affected versions

Other

20071127-r0

20071127-r1

20100214-r0

20100214-r1

20100214-r2

20100214-r3

20100214-r4

20121126-r0

20121221-r0

20121221-r1

20121221-r2

20121221-r3

20121221-r4

20121221-r5

20121221-r6

20121221-r7

20121221-r8

20161105-r0

20161105-r1

20180629-r0

20180629-r1

20190709-r0

20190709-r1

20200821-r0

20210202-r0

20210722-r0

20211215-r0

20221126-r0

20221126-r1

20221126-r2

20231222-r0

20240117-r0

20240905-r0