Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function
AnalysisAI
The getradiotapfield() function in ZerBea hcxpcapngtool version 7.0.1-43-g2ee308e contains a buffer overflow vulnerability allowing local attackers to trigger a denial of service condition through memory corruption. While the vulnerability is classified as causing information disclosure in the description, the CVSS vector (C:N/I:N/A:H) indicates the primary impact is availability degradation rather than confidentiality compromise. No public exploit code or active exploitation has been identified at the time of analysis, though the local attack vector and lack of required privileges make exploitation feasible for any user with local system access.
Technical ContextAI
hcxpcapngtool is a utility for processing pcap-ng files related to wireless packet capture analysis. The vulnerability exists in the getradiotapfield() function, which is responsible for parsing and extracting radiotap header fields from wireless packet captures. The root cause is classified as CWE-120 (Buffer Copy without Checking Size of Input, also known as classic buffer overflow), indicating that the function fails to validate the size of input data before copying it into a fixed-size buffer. Radiotap is a standard format for injecting and receiving frames in monitor mode on Linux wireless interfaces, making this function critical in the packet processing pipeline. The affected version identifier (7.0.1-43-g2ee308e) indicates a development build rather than an official release tag, suggesting the vulnerability may exist across multiple version branches.
RemediationAI
Update to the latest available version of hcxpcapngtool from the ZerBea GitHub repository (https://github.com/ZerBea/hcxtools), as the specific patched version is not independently confirmed in the provided advisory data. Monitor GitHub issue #365 for confirmation of a fix commit or tagged release. Until patching is completed, restrict local system access to untrusted users and disable hcxpcapngtool processing of pcap-ng files from untrusted or unvalidated sources. If the tool must process external pcap files, run it in a sandboxed or containerized environment with limited privileges and resource quotas to contain the impact of a potential denial of service. Input validation of pcap-ng files through preliminary static analysis tools before processing with hcxpcapngtool may mitigate some attack scenarios.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16212