A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.
{
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-119",
"CWE-122"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13589.json"
}"2026-07-09T19:18:38Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13589.json"
[
{
"signature_type": "Function",
"target": {
"file": "Tests/Packet++Test/main.cpp",
"function": "main"
},
"deprecated": false,
"digest": {
"length": 13943.0,
"function_hash": "217823748971136744959445098459058081666"
},
"id": "CVE-2026-13589-07e1f6c6",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "Tests/Packet++Test/Tests/TelnetTests.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"336449698719518472553756953738360504482",
"273608790671295807465392600420095041407",
"284257564066288198691951438609838729710"
],
"threshold": 0.9
},
"id": "CVE-2026-13589-0ad55539",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"file": "Packet++/src/SSLHandshake.cpp",
"function": "SSLClientHelloMessage::getHandshakeVersion"
},
"deprecated": false,
"digest": {
"length": 134.0,
"function_hash": "240910796103947242340320125644092402158"
},
"id": "CVE-2026-13589-39fad3f7",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "Packet++/src/SSLHandshake.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"23475467191258109890865392587990559415",
"317513418531556080825557898863692637889",
"249260188854115796949255803486406517662",
"100460988187327377984120895877738435220",
"151961159786647446665951699392540973342",
"18343601474698899798836485120080880023",
"168503510838904995196688509466266917373"
],
"threshold": 0.9
},
"id": "CVE-2026-13589-5520e881",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"file": "Packet++/src/TelnetLayer.cpp",
"function": "TelnetLayer::getFieldLen"
},
"deprecated": false,
"digest": {
"length": 516.0,
"function_hash": "64530128048131850997437488756051018090"
},
"id": "CVE-2026-13589-8482bf9a",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"file": "Packet++/src/SSLHandshake.cpp",
"function": "SSLServerHelloMessage::getHandshakeVersion"
},
"deprecated": false,
"digest": {
"length": 400.0,
"function_hash": "84954212636711382870343475381041124570"
},
"id": "CVE-2026-13589-9cc8c63f",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "Tests/Packet++Test/TestDefinition.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"160620450379764715478761082873010800112",
"253833480575525124639451525535943841751",
"194976479760050435721766871619608773730",
"46955084236245203878693397626678664794",
"283172730666298634771863218536021364580",
"191201273829929289785622157974965850998",
"263737484405563882428156022705558191791",
"159328907277084608301356414977276027123"
],
"threshold": 0.9
},
"id": "CVE-2026-13589-d679a041",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "Tests/Packet++Test/Tests/SSLTests.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"54585861972326685238396232403613731607",
"7021892063312519075160858833607803688",
"319885028695741780411797402061569415935"
],
"threshold": 0.9
},
"id": "CVE-2026-13589-ee5ca307",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "Packet++/src/TelnetLayer.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"280976480208517297156902697721174951266",
"303998403583394841415768396797453391173",
"83055894726114644735311484752152298180",
"308224595456431346839335098757625952668"
],
"threshold": 0.9
},
"id": "CVE-2026-13589-f4490427",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "Tests/Packet++Test/main.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"61657402017217737840873166431747985178",
"173948576258895969704569629774232708977",
"36666762383856653548870154842157625636",
"280544293123603308998507562536566251918",
"321137452563574503563737364946071241101",
"96725043861684903173141092725143264031",
"310799868980042191080388059526410241120",
"265139228192807838662176692787931767322"
],
"threshold": 0.9
},
"id": "CVE-2026-13589-f8a01232",
"source": "https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b",
"signature_version": "v1"
}
]