CVE-2025-48964 Information
Jul 23, 2025
cve
Description
ping in iputils through 20240905 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
Reference
https://bugzilla.suse.com/show_bug.cgi?id=1243772 https://github.com/iputils/iputils/issues https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9
Related CNNVD
CNNVD-202507-2908 (Published: 2025-07-22)
Share on: