6.6

CVE-2025-46836

net-tools Stack-based Buffer Overflow vulnerability

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
Produkt RUGGEDCOM ROX MX5000
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1400
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1500
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1501
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1510
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1511
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1512
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1524
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1536
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX5000
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version V3.1.5
Version < *
Status affected
HerstellerSiemens
Produkt SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version V3.1.5
Version < *
Status affected
HerstellerSiemens
Produkt SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Statusunknown
Version V3.1.5
Version < *
Status affected
HerstellerSiemens
Produkt SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Statusunknown
Version V3.1.5
Version < *
Status affected
HerstellerSiemens
Produkt SIPLUS S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version V3.1.5
Version < *
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.424
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 6.6 1.8 4.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.