UBUNTU-CVE-2026-58058

Source
https://ubuntu.com/security/CVE-2026-58058
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-58058
Upstream
Published
2026-06-28T02:16:00Z
Modified
2026-06-29T23:19:15.853447494Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdata_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans.

References

Affected packages

Ubuntu:14.04:LTS
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*
6.40-0.1ubuntu1
6.40-0.2ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "nmap",
            "binary_version": "6.40-0.2ubuntu1"
        },
        {
            "binary_name": "zenmap",
            "binary_version": "6.40-0.2ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"
Ubuntu:16.04:LTS
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*
6.47-7
7.*
7.01-2ubuntu1
7.01-2ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ndiff",
            "binary_version": "7.01-2ubuntu2"
        },
        {
            "binary_name": "nmap",
            "binary_version": "7.01-2ubuntu2"
        },
        {
            "binary_name": "zenmap",
            "binary_version": "7.01-2ubuntu2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"
Ubuntu:18.04:LTS
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.60-1ubuntu1
7.60-1ubuntu2
7.60-1ubuntu3
7.60-1ubuntu4
7.60-1ubuntu5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ndiff",
            "binary_version": "7.60-1ubuntu5"
        },
        {
            "binary_name": "nmap",
            "binary_version": "7.60-1ubuntu5"
        },
        {
            "binary_name": "zenmap",
            "binary_version": "7.60-1ubuntu5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"
Ubuntu:20.04:LTS
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.80+dfsg1-1build1
7.80+dfsg1-1build2
7.80+dfsg1-2
7.80+dfsg1-2build1
7.80+dfsg1-2ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ncat",
            "binary_version": "7.80+dfsg1-2ubuntu0.1"
        },
        {
            "binary_name": "ndiff",
            "binary_version": "7.80+dfsg1-2ubuntu0.1"
        },
        {
            "binary_name": "nmap",
            "binary_version": "7.80+dfsg1-2ubuntu0.1"
        },
        {
            "binary_name": "nmap-common",
            "binary_version": "7.80+dfsg1-2ubuntu0.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"
Ubuntu:22.04:LTS
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.91+dfsg1+really7.80+dfsg1-2
7.91+dfsg1+really7.80+dfsg1-2build1
7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ncat",
            "binary_version": "7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1"
        },
        {
            "binary_name": "ndiff",
            "binary_version": "7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1"
        },
        {
            "binary_name": "nmap",
            "binary_version": "7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1"
        },
        {
            "binary_name": "nmap-common",
            "binary_version": "7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"
Ubuntu:24.04:LTS
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.94+git20230807.3be01efb1+dfsg-1
7.94+git20230807.3be01efb1+dfsg-2
7.94+git20230807.3be01efb1+dfsg-3
7.94+git20230807.3be01efb1+dfsg-3build1
7.94+git20230807.3be01efb1+dfsg-3build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ncat",
            "binary_version": "7.94+git20230807.3be01efb1+dfsg-3build2"
        },
        {
            "binary_name": "ndiff",
            "binary_version": "7.94+git20230807.3be01efb1+dfsg-3build2"
        },
        {
            "binary_name": "nmap",
            "binary_version": "7.94+git20230807.3be01efb1+dfsg-3build2"
        },
        {
            "binary_name": "nmap-common",
            "binary_version": "7.94+git20230807.3be01efb1+dfsg-3build2"
        },
        {
            "binary_name": "zenmap",
            "binary_version": "7.94+git20230807.3be01efb1+dfsg-3build2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"
Ubuntu:25.10
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.95+dfsg-2
7.95+dfsg-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ncat",
            "binary_version": "7.95+dfsg-3"
        },
        {
            "binary_name": "ndiff",
            "binary_version": "7.95+dfsg-3"
        },
        {
            "binary_name": "nmap",
            "binary_version": "7.95+dfsg-3"
        },
        {
            "binary_name": "nmap-common",
            "binary_version": "7.95+dfsg-3"
        },
        {
            "binary_name": "zenmap",
            "binary_version": "7.95+dfsg-3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"
Ubuntu:26.04:LTS
nmap

Package

Name
nmap
Purl
pkg:deb/ubuntu/nmap?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.95+dfsg-3
7.98+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "ncat",
            "binary_version": "7.98+dfsg-1"
        },
        {
            "binary_name": "ndiff",
            "binary_version": "7.98+dfsg-1"
        },
        {
            "binary_name": "nmap",
            "binary_version": "7.98+dfsg-1"
        },
        {
            "binary_name": "nmap-common",
            "binary_version": "7.98+dfsg-1"
        },
        {
            "binary_name": "zenmap",
            "binary_version": "7.98+dfsg-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58058.json"