{"id":"ALPINE-CVE-2025-48964","details":"ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).","modified":"2026-03-09T01:22:03.584023Z","published":"2025-07-22T18:15:36.020Z","upstream":["CVE-2025-48964"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2025-48964"}],"affected":[{"package":{"name":"iputils","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/iputils?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20250602-r0"}]}],"versions":["20071127-r0","20071127-r1","20100214-r0","20100214-r1","20100214-r2","20100214-r3","20100214-r4","20121126-r0","20121221-r0","20121221-r1","20121221-r2","20121221-r3","20121221-r4","20121221-r5","20121221-r6","20121221-r7","20121221-r8","20161105-r0","20161105-r1","20180629-r0","20180629-r1","20190709-r0","20190709-r1","20200821-r0","20210202-r0","20210722-r0","20211215-r0","20221126-r0","20221126-r1","20221126-r2","20231222-r0","20240117-r0","20240905-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-48964.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}