#VU113637 Integer overflow in iputils - CVE-2025-47268

Cybersecurity Help s.r.o.

Published: 2025-08-05

Vulnerability identifier: #VU113637

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-47268

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
iputils
Other software / Other software solutions

Vendor: iputils

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow within the ping command when handling ICMP Echo Reply packets. A remote attacker can trick the victim to ping a malicious server, trigger an integer overflow and crash the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

iputils: 20210202 - 20240905

External links
https://bugzilla.suse.com/show_bug.cgi?id=1242300
https://github.com/iputils/iputils/issues/584
https://github.com/iputils/iputils/pull/585
https://github.com/iputils/iputils/releases/tag/20250602
https://github.com/Zephkek/ping-rtt-overflow/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Watson Speech Services Cartridge

Multiple vulnerabilities in IBM Storage Virtualize

SUSE update for iputils

Multiple vulnerabilities in Multicluster Engine for Kubernetes 2.8

openEuler 24.03 LTS update for iputils

openEuler 24.03 LTS SP1 update for iputils

openEuler 24.03 LTS SP2 update for iputils

openEuler 22.03 LTS SP3 update for iputils

openEuler 22.03 LTS SP4 update for iputils

Ubuntu update for iputils