{"id":"CVE-2026-13589","summary":"seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based overflow","details":"A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.","modified":"2026-07-09T19:18:38.794316Z","published":"2026-06-29T16:30:10.989Z","database_specific":{"cna_assigner":"VulDB","cwe_ids":["CWE-119","CWE-122"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13589.json"},"references":[{"type":"WEB","url":"https://github.com/seladb/PcapPlusPlus/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13589.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-13589"},{"type":"ADVISORY","url":"https://vuldb.com/cve/CVE-2026-13589"},{"type":"ADVISORY","url":"https://vuldb.com/submit/844482"},{"type":"ADVISORY","url":"https://vuldb.com/vuln/374592"},{"type":"REPORT","url":"https://github.com/seladb/PcapPlusPlus/issues/2152"},{"type":"REPORT","url":"https://vuldb.com/vuln/374592/cti"},{"type":"FIX","url":"https://github.com/seladb/PcapPlusPlus/commit/98e671010bc7c87b95898c22ae289220ae92542b"},{"type":"FIX","url":"https://github.com/seladb/PcapPlusPlus/pull/2161"},{"type":"EVIDENCE","url":"https://github.com/user-attachments/files/28214571/poc.zip"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/seladb/pcapplusplus","events":[{"introduced":"a49a79e0b67b402ad75ffa96c1795def36df75c8"},{"fixed":"98e671010bc7c87b95898c22ae289220ae92542b"}],"database_specific":{"extracted_events":[{"introduced":"25.05"},{"last_affected":"25.05"}],"source":["AFFECTED_FIELD","REFERENCES"]}}],"versions":["25.05","v25.05"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13589.json","vanir_signatures_modified":"2026-07-09T19:18:38Z","vanir_signatures":[{"id":"CVE-2026-13589-07e1f6c6","signature_type":"Function","signature_version":"v1","source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Tests/Packet++Test/main.cpp","function":"main"},"deprecated":false,"digest":{"length":13943,"function_hash":"217823748971136744959445098459058081666"}},{"deprecated":false,"digest":{"line_hashes":["336449698719518472553756953738360504482","273608790671295807465392600420095041407","284257564066288198691951438609838729710"],"threshold":0.9},"id":"CVE-2026-13589-0ad55539","signature_type":"Line","signature_version":"v1","source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Tests/Packet++Test/Tests/TelnetTests.cpp"}},{"digest":{"function_hash":"240910796103947242340320125644092402158","length":134},"id":"CVE-2026-13589-39fad3f7","signature_type":"Function","signature_version":"v1","source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Packet++/src/SSLHandshake.cpp","function":"SSLClientHelloMessage::getHandshakeVersion"},"deprecated":false},{"signature_type":"Line","signature_version":"v1","source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Packet++/src/SSLHandshake.cpp"},"deprecated":false,"digest":{"line_hashes":["23475467191258109890865392587990559415","317513418531556080825557898863692637889","249260188854115796949255803486406517662","100460988187327377984120895877738435220","151961159786647446665951699392540973342","18343601474698899798836485120080880023","168503510838904995196688509466266917373"],"threshold":0.9},"id":"CVE-2026-13589-5520e881"},{"source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Packet++/src/TelnetLayer.cpp","function":"TelnetLayer::getFieldLen"},"deprecated":false,"digest":{"length":516,"function_hash":"64530128048131850997437488756051018090"},"id":"CVE-2026-13589-8482bf9a","signature_type":"Function","signature_version":"v1"},{"deprecated":false,"digest":{"function_hash":"84954212636711382870343475381041124570","length":400},"id":"CVE-2026-13589-9cc8c63f","signature_type":"Function","signature_version":"v1","source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Packet++/src/SSLHandshake.cpp","function":"SSLServerHelloMessage::getHandshakeVersion"}},{"source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Tests/Packet++Test/TestDefinition.h"},"deprecated":false,"digest":{"line_hashes":["160620450379764715478761082873010800112","253833480575525124639451525535943841751","194976479760050435721766871619608773730","46955084236245203878693397626678664794","283172730666298634771863218536021364580","191201273829929289785622157974965850998","263737484405563882428156022705558191791","159328907277084608301356414977276027123"],"threshold":0.9},"id":"CVE-2026-13589-d679a041","signature_type":"Line","signature_version":"v1"},{"id":"CVE-2026-13589-ee5ca307","signature_type":"Line","signature_version":"v1","source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Tests/Packet++Test/Tests/SSLTests.cpp"},"deprecated":false,"digest":{"line_hashes":["54585861972326685238396232403613731607","7021892063312519075160858833607803688","319885028695741780411797402061569415935"],"threshold":0.9}},{"deprecated":false,"digest":{"line_hashes":["280976480208517297156902697721174951266","303998403583394841415768396797453391173","83055894726114644735311484752152298180","308224595456431346839335098757625952668"],"threshold":0.9},"id":"CVE-2026-13589-f4490427","signature_type":"Line","signature_version":"v1","source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Packet++/src/TelnetLayer.cpp"}},{"source":"https://github.com/seladb/pcapplusplus/commit/98e671010bc7c87b95898c22ae289220ae92542b","target":{"file":"Tests/Packet++Test/main.cpp"},"deprecated":false,"digest":{"line_hashes":["61657402017217737840873166431747985178","173948576258895969704569629774232708977","36666762383856653548870154842157625636","280544293123603308998507562536566251918","321137452563574503563737364946071241101","96725043861684903173141092725143264031","310799868980042191080388059526410241120","265139228192807838662176692787931767322"],"threshold":0.9},"id":"CVE-2026-13589-f8a01232","signature_type":"Line","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}]}