CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the likely impact; code execution is potential, but still up in the air. The affected structure is stack-allocated in `handle_beacon()` and related handlers. As of time of publication, no known patches are available.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.0%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2026-25061

Digitalcorpora » Tcpflow » Version: 1.2.5

cpe:2.3:a:digitalcorpora:tcpflow:1.2.5
Digitalcorpora » Tcpflow » Version: 1.2.7

cpe:2.3:a:digitalcorpora:tcpflow:1.2.7
Digitalcorpora » Tcpflow » Version: 1.2.9

cpe:2.3:a:digitalcorpora:tcpflow:1.2.9
Digitalcorpora » Tcpflow » Version: 1.3.0

cpe:2.3:a:digitalcorpora:tcpflow:1.3.0
Digitalcorpora » Tcpflow » Version: 1.4.0

cpe:2.3:a:digitalcorpora:tcpflow:1.4.0
Digitalcorpora » Tcpflow » Version: 1.4.1

cpe:2.3:a:digitalcorpora:tcpflow:1.4.1
Digitalcorpora » Tcpflow » Version: 1.4.2

cpe:2.3:a:digitalcorpora:tcpflow:1.4.2
Digitalcorpora » Tcpflow » Version: 1.4.3

cpe:2.3:a:digitalcorpora:tcpflow:1.4.3
Digitalcorpora » Tcpflow » Version: 1.4.4

cpe:2.3:a:digitalcorpora:tcpflow:1.4.4
Digitalcorpora » Tcpflow » Version: 1.4.5

cpe:2.3:a:digitalcorpora:tcpflow:1.4.5
Digitalcorpora » Tcpflow » Version: 1.5.0

cpe:2.3:a:digitalcorpora:tcpflow:1.5.0
Digitalcorpora » Tcpflow » Version: 1.5.1

cpe:2.3:a:digitalcorpora:tcpflow:1.5.1
Digitalcorpora » Tcpflow » Version: 1.5.2

cpe:2.3:a:digitalcorpora:tcpflow:1.5.2
Digitalcorpora » Tcpflow » Version: 1.6.1

cpe:2.3:a:digitalcorpora:tcpflow:1.6.1
Debian » Debian Linux » Version: 11.0

cpe:2.3:o:debian:debian_linux:11.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25061

Products

Pricing

Contact Us