CVE-2025-47268

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-47268
ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1242300 Issue Tracking
https://github.com/Zephkek/ping-rtt-overflow/ Exploit
https://github.com/iputils/iputils/issues/584 Exploit Issue Tracking Patch
https://github.com/iputils/iputils/pull/585 Exploit Issue Tracking Patch
https://github.com/iputils/iputils/releases/tag/20250602
https://github.com/Zephkek/ping-rtt-overflow/ Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:iputils_project:iputils:20240905:*:*:*:*:*:*:*
History

23 Jul 2025, 15:15

Type Values Removed Values Added
Summary (en) ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. (en) ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.
References
  • () https://github.com/iputils/iputils/releases/tag/20250602 -

13 Jun 2025, 18:21

Type Values Removed Values Added
First Time Iputils Project iputils
Iputils Project
References () https://bugzilla.suse.com/show_bug.cgi?id=1242300 - () https://bugzilla.suse.com/show_bug.cgi?id=1242300 - Issue Tracking
References () https://github.com/Zephkek/ping-rtt-overflow/ - () https://github.com/Zephkek/ping-rtt-overflow/ - Exploit
References () https://github.com/iputils/iputils/issues/584 - () https://github.com/iputils/iputils/issues/584 - Exploit, Issue Tracking, Patch
References () https://github.com/iputils/iputils/pull/585 - () https://github.com/iputils/iputils/pull/585 - Exploit, Issue Tracking, Patch
CPE cpe:2.3:a:iputils_project:iputils:20240905:*:*:*:*:*:*:*
Summary
  • (es) Ping en iputils hasta 20240905 permite una denegación de servicio (error de aplicación o recopilación de datos incorrecta) a través de un paquete de respuesta de eco ICMP manipulado, debido a un desbordamiento de entero con signo de 64 bits en la multiplicación de marcas de tiempo.

06 May 2025, 01:15

Type Values Removed Values Added
References
  • () https://bugzilla.suse.com/show_bug.cgi?id=1242300 -
  • () https://github.com/iputils/iputils/pull/585 -

05 May 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-05 14:15

Updated : 2025-07-23 15:15

NVD link : CVE-2025-47268

Mitre link : CVE-2025-47268

CVE.ORG link : CVE-2025-47268

JSON object : View

Products Affected

iputils_project

  • iputils
CWE
CWE-190

Integer Overflow or Wraparound