iputils Ping Integer Overflow Vulnerability in Statistics Calculations via Zero Timestamp

A denial-of-service vulnerability has been identified in the 'ping' utility of 'iputils' through version '20240905'. The issue arises in adaptive ping mode, where a crafted ICMP Echo Reply packet with a zero timestamp can cause large intermediate values that lead to an integer overflow when squared during statistical calculations. This vulnerability persists despite an earlier fix for a related issue (CVE-2025-47268'), which did not address the scenario of a zeroed timestamp in the ICMP payload.

Impact

Exploitation of this vulnerability causes an integer overflow that disrupts ping's round-trip time statistics, leading to incorrect data such as exaggerated ping times and negative packet loss percentages. In adaptive ping mode, the corrupted data disrupts timing calculations, causing the tool to misrepresent network conditions.

Reproduction

The vulnerability can be reproduced by sending ICMP Echo Reply packets with zero timestamps to a target running the affected version of 'iputils' ping. This can be done using a crafted program that intercepts Echo Requests and replies with malicious packets that exploit the vulnerability.

Remediation

Users can update to 'iputils' version '20250602' or later, where this vulnerability has been fixed.