CVE-2025-47268

Name: CVE-2025-47268
Description: ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1104746

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| iputils (PTS) | bullseye | 3:20210202-1 | vulnerable |
| | bookworm | 3:20221126-1+deb12u1 | vulnerable |
| | trixie, sid | 3:20240905-3 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iputils | source | (unstable) | (unfixed) | unimportant | | 1104746 |

Notes

https://github.com/iputils/iputils/issues/584
https://github.com/Zephkek/ping-rtt-overflow/
Fixed by: https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40
Negligible security impact
