CVE-2025-47268

Name: CVE-2025-47268
Description: ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1104746

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release       Version                 Status
iputils (PTS)    bullseye      3:20210202-1            vulnerable
iputils (PTS)    bookworm      3:20221126-1+deb12u1    vulnerable
iputils (PTS)    sid, trixie   3:20240905-3            vulnerable

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
iputils   source   (unstable)   (unfixed)                          1104746

Notes

[bookworm] - iputils <no-dsa> (Minor issue)
[bullseye] - iputils <postponed> (Minor issue, DoS)
https://github.com/iputils/iputils/issues/584
https://github.com/Zephkek/ping-rtt-overflow/
