Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable parser, no auth required, but high complexity limits exploitation; scope unchanged as impact stays within the consuming process.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. Executing a manipulation of the argument handshakeVersion can lead to heap-based buffer overflow. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. This patch is called 98e671010bc7c87b95898c22ae289220ae92542b. It is best practice to apply a patch to resolve this issue.
AnalysisAI
Heap-based buffer overflow in PcapPlusPlus 25.05's TLS Hello Handler allows remote unauthenticated attackers to trigger memory corruption via a crafted handshakeVersion argument in the SSLClientHelloMessage::getHandshakeVersion function of SSLHandshake.cpp. Successful exploitation requires high attack complexity, limiting practical impact, but a public proof-of-concept (poc.zip) has been disclosed via GitHub. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target environment must be running an application built with PcapPlusPlus 25.05 that actively parses TLS ClientHello handshake messages from network traffic - meaning the application must capture and hand off raw TLS packets to the pcpp::SSLClientHelloMessage class. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 2.9 reflects a network-reachable (AV:N) but high-complexity (AC:H) attack with no privilege requirement (PR:N) and no user interaction (UI:N), yielding only limited confidentiality, integrity, and availability impact on the vulnerable system (VC:L/VI:L/VA:L) and no subsequent-system impact (SC:N/SI:N/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker sends a crafted TLS ClientHello packet with a malformed or oversized handshakeVersion value to a network interface monitored by an application built on PcapPlusPlus 25.05. The library's getHandshakeVersion() parser processes the packet without adequate bounds checking, causing a heap buffer overflow that corrupts adjacent memory. … |
| Remediation | The upstream fix is available as commit 98e671010bc7c87b95898c22ae289220ae92542b, delivered via pull request #2161 (https://github.com/seladb/PcapPlusPlus/pull/2161). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40148
GHSA-9f2x-4g7j-783f