cvedb.io
CVE-2026-25061
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-01-29T22:15:55.797 · Last modified 2026-06-17T10:24:03.893

Summary

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the likely impact; code execution is potential, but still up in the air. The affected structure is stack-allocated in `handle_beacon()` and related handlers. As of time of publication, no known patches are available.

Affected products

digitalcorpora — tcpflow

Does this affect you?

Add your gear to cvedb and we'll alert you only when digitalcorpora ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.