Source: tcpflow
Version: 1.6.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for tcpflow.

CVE-2026-25061[0]:
| tcpflow is a TCP/IP packet demultiplexer. In versions up to and
| including 1.61, wifipcap parses 802.11 management frame elements and
| performs a length check on the wrong field when handling the TIM
| element. A crafted frame with a large TIM length can cause a 1-byte
| out-of-bounds write past `tim.bitmap[251]`. The overflow is small
| and DoS is the likely impact; code execution is potential, but still
| up in the air. The affected structure is stack-allocated in
| `handle_beacon()` and related handlers. As of time of publication,
| no known patches are available.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-25061
    https://www.cve.org/CVERecord?id=CVE-2026-25061
[1] https://github.com/simsong/tcpflow/commit/1d84fe8d59bb52c9a9da446a0fe6a31b2de15612
[2] https://github.com/simsong/tcpflow/security/advisories/GHSA-q5q6-frrv-9rj6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
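
An added example, not part of the report above and not tcpflow's code: a TIM element parser in C that bounds the bitmap copy by the TIM element's own length field, so a length of 255 is rejected instead of writing one byte past the bitmap. The struct layout, the 251-byte bitmap size, all names and the helper try_tim_length() are assumptions for illustration; the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TIM_ELEMENT_ID 5    /* 802.11 element ID of the TIM element */
#define TIM_FIXED_LEN  3    /* DTIM count, DTIM period, bitmap control */
#define TIM_BITMAP_MAX 251  /* assumed size of the bitmap array */

/* Hypothetical parsed form; field names are assumptions, not tcpflow's. */
struct tim_elem {
    uint8_t element_id, length, count, period, bitmap_control;
    uint8_t bitmap[TIM_BITMAP_MAX];
};

/* Parse one TIM element from buf[0..buflen).
 * Returns the number of bytes consumed, or -1 if the element is rejected. */
int parse_tim(const uint8_t *buf, size_t buflen, struct tim_elem *out)
{
    if (buflen < 2 || buf[0] != TIM_ELEMENT_ID)
        return -1;
    uint8_t len = buf[1];
    if (len < TIM_FIXED_LEN)          /* fixed fields must all be present */
        return -1;
    if ((size_t)len > buflen - 2)     /* element must fit in the captured bytes */
        return -1;
    size_t bitmap_len = (size_t)len - TIM_FIXED_LEN;
    if (bitmap_len > sizeof out->bitmap)  /* check the TIM length itself: 255 -> 252 > 251 */
        return -1;
    memset(out, 0, sizeof *out);
    out->element_id = buf[0];
    out->length = len;
    out->count = buf[2];
    out->period = buf[3];
    out->bitmap_control = buf[4];
    memcpy(out->bitmap, buf + 2 + TIM_FIXED_LEN, bitmap_len);
    return (int)(2 + len);
}

/* Build a constructed TIM element with the given length byte and parse it. */
int try_tim_length(uint8_t len)
{
    uint8_t frame[2 + 255];
    struct tim_elem t;
    memset(frame, 0xAA, sizeof frame);   /* constructed filler payload */
    frame[0] = TIM_ELEMENT_ID;
    frame[1] = len;
    return parse_tim(frame, 2u + len, &t);
}
```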

