{"id":"CVE-2025-47268","details":"ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.","modified":"2026-04-16T04:31:01.662791650Z","published":"2025-05-05T14:15:29.063Z","related":["ALSA-2025:9421","ALSA-2025:9432","SUSE-SU-2025:01771-1","SUSE-SU-2025:01776-1","SUSE-SU-2025:01776-2","SUSE-SU-2025:01777-1","SUSE-SU-2025:01779-1","SUSE-SU-2025:01779-2","SUSE-SU-2025:1771-1","SUSE-SU-2025:20380-1","SUSE-SU-2025:20442-1","openSUSE-SU-2025:15089-1"],"references":[{"type":"WEB","url":"https://github.com/iputils/iputils/releases/tag/20250602"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1242300"},{"type":"FIX","url":"https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40"},{"type":"FIX","url":"https://github.com/iputils/iputils/issues/584"},{"type":"FIX","url":"https://github.com/iputils/iputils/pull/585"},{"type":"EVIDENCE","url":"https://github.com/Zephkek/ping-rtt-overflow/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/iputils/iputils","events":[{"introduced":"0"},{"last_affected":"10b50784aae3fb75c96cdf9b1668916b49557dd5"},{"fixed":"070cfacd7348386173231fb16fad4983d4e6ae40"},{"fixed":"23b06385444fba29c898370ae6f297e41c11667b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20240905"}]}}],"versions":["20210202","20210722","20211215","20221126","20231222","20240117","20240905","meson","s20060425","s20060512","s20070202","s20071127","s20100214","s20100418","s20101006","s20121011","s20121106","s20121112","s20121114","s20121121","s20121125","s20121126","s20121205","s20121207","s20121221","s20140419","s20140420","s20140519","s20150815","s20160308","s20161105","s20180629","s20190324","s20190515","s20190709","s20200821","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47268.json","vanir_signatures":[{"digest":{"line_hashes":["311609702589764496770859550528270878315","28497292084892826627675934632952583372","60713663631829141220260644321170526286","151577356486398732567788510430629652296","60494942356459311149308968689729579046","16003559683473755032927480083512513436","197005416518773971239077807193597619486","162823849199209985527841084726358666624","135412890435703013626003745938000401079","181993326875409586635103301443409265044","53296244989008936503151032554208787934","17611392801909787359363245411369926561","136177144949063511213769809144470209664"],"threshold":0.9},"target":{"file":"ping/ping_common.c"},"id":"CVE-2025-47268-11758788","deprecated":false,"source":"https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40","signature_type":"Line","signature_version":"v1"},{"digest":{"length":3455,"function_hash":"105672088197061194410684573106350053523"},"target":{"file":"ping/ping_common.c","function":"gather_statistics"},"id":"CVE-2025-47268-9da348d3","deprecated":false,"source":"https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40","signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-12T17:04:13Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}