Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable parser requires no authentication (PR:N) but demands precise malformed packet crafting (AC:H); all CIA impacts limited to partial effects with no scope change.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.
AnalysisAI
Heap-based buffer overflow in PcapPlusPlus 25.05's Telnet subnegotiation packet parser allows remote attackers to corrupt heap memory by sending a specially crafted Telnet subnegotiation packet to any application embedding this library. The flaw in pcpp::TelnetLayer::getSubCommand (Packet++/src/TelnetLayer.cpp) results in low-level confidentiality, integrity, and availability impact against the parsing process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target application must embed PcapPlusPlus version 25.05 AND must be actively parsing Telnet protocol traffic through the TelnetLayer API - applications that do not invoke Telnet subnegotiation parsing are not exposed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 2.9 (Low) accurately reflects a constrained real-world risk profile despite this being a memory corruption class vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker positioned on a network segment monitored by an application using PcapPlusPlus 25.05 - such as a packet analyzer or IDS sensor - transmits a crafted Telnet subnegotiation packet with malformed suboption data that exceeds expected buffer bounds in `getSubCommand()`. The library processes the packet without adequate length validation, triggering a heap corruption event that may result in limited data disclosure, memory tampering, or application instability. … |
| Remediation | Apply the upstream fix by integrating or updating to the commit identified by patch hash 98e671010bc7c87b95898c22ae289220ae92542b, available via GitHub PR #2161 at https://github.com/seladb/PcapPlusPlus/pull/2161. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40150
GHSA-x5wv-5f96-x49c