Published: September 5, 2025
Modified: September 12, 2025
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
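
The overflow described above can be modelled in a few lines. This is an added example, not code from iputils or from this advisory: the struct, function names, microsecond units, the constructed clock value `NOW_US` and the 60-second plausibility bound are all assumptions made for illustration. It shows why a zero timestamp yields a round-trip time whose square no longer fits in 64 bits, and one way to reject such a sample before it reaches the statistics.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed wall-clock value in microseconds since the epoch (sample input). */
#define NOW_US 1757030400000000LL
/* Assumed plausibility bound: discard any RTT above 60 seconds. */
#define MAX_RTT_US (60LL * 1000000LL)

/* Hypothetical accumulator for RTT statistics; not the iputils structure. */
struct rtt_stats {
    int64_t sum;   /* sum of accepted RTTs */
    int64_t sum2;  /* sum of squared RTTs, used for the deviation */
    long count;
};

/* RTT derived from the timestamp echoed back in the reply payload.
 * If the peer returns a zero timestamp, the result is the whole clock value. */
static int64_t rtt_us(int64_t now_us, int64_t sent_us)
{
    return now_us - sent_us;
}

/* True when rtt * rtt does not fit in a signed 64-bit integer. */
static bool square_overflows(int64_t rtt)
{
    int64_t sq;
    return __builtin_mul_overflow(rtt, rtt, &sq);
}

/* Checked update: the sample is dropped, and the stats left untouched,
 * if it is implausible or if any intermediate value would overflow. */
static bool stats_add(struct rtt_stats *s, int64_t rtt)
{
    int64_t sq, new_sum, new_sum2;

    if (rtt < 0 || rtt > MAX_RTT_US)
        return false;
    if (__builtin_mul_overflow(rtt, rtt, &sq) ||
        __builtin_add_overflow(s->sum, rtt, &new_sum) ||
        __builtin_add_overflow(s->sum2, sq, &new_sum2))
        return false;
    s->sum = new_sum;
    s->sum2 = new_sum2;
    s->count++;
    return true;
}

int main(void)
{
    struct rtt_stats s = {0, 0, 0};
    printf("normal sample accepted: %d\n", stats_add(&s, 250));
    printf("zero-timestamp square overflows: %d\n", square_overflows(rtt_us(NOW_US, 0)));
    printf("zero-timestamp sample accepted: %d\n", stats_add(&s, rtt_us(NOW_US, 0)));
    return 0;
}
```

`__builtin_mul_overflow` and `__builtin_add_overflow` are GCC and Clang built-ins; other compilers need an equivalent range check before the multiplication.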

Metric | NVD | openEuler |
---|---|---|
Confidentiality | None | |
Attack Vector | Network | |
CVSS score | N/A | 6.5 |
Attack Complexity | Low | |
Privileges Required | None | |
Scope | Unchanged | |
Integrity | Low | |
User Interaction | None | |
Availability | Low | |

Advisory | Summary | Published |
---|---|---|
KylinSec-SA-2025-2852 | iputils security update | September 25, 2025 |
KylinSec-SA-2025-2892 | iputils security update | September 26, 2025 |

Product | Package | Status |
---|---|---|
V6 | iputils | Fixed |
KY3.5.3 | iputils | Fixed |
KY3.5.2 | iputils | Fixed |