vulnerability
Oracle Linux: CVE-2025-48964: ELSA-2025-17558: iputils security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jul 22, 2025 | Oct 10, 2025 | Oct 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jul 22, 2025
Added
Oct 10, 2025
Modified
Oct 10, 2025
Description
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
An integer overflow flaw has been discovered in the ping function within the iputils package. This overflow may allow an attacker to craft an ECHO reply which can prevent iputils from operating normally.
An integer overflow flaw has been discovered in the ping function within the iputils package. This overflow may allow an attacker to craft an ECHO reply which can prevent iputils from operating normally.
Solutions
oracle-linux-upgrade-iputilsoracle-linux-upgrade-iputils-ninfod
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.