Source: nmap
Version: 7.99+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for nmap.

CVE-2026-58058[0]:
| Nmap through 7.99 does not keep the IPv6 extension-header walk
| within the captured packet in ipv6_get_data_primitive
| (libnetutil/netutil.cc), so the pointer advances past the buffer and
| the remaining-length computation underflows to a large value. A
| scanned target or on-path attacker returning a crafted IPv6 response
| with a truncated extension header can trigger out-of-bounds reads
| and a crash during raw IPv6 scans.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-58058
    https://www.cve.org/CVERecord?id=CVE-2026-58058
[1] https://github.com/bikini/exploitarium/tree/main/nmap-ipv6-extlen-wrap-poc
[2] https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to