Skip to main content

Nmap

1 CVEs product

Monthly

CVE-2026-58058 MEDIUM POC PATCH This Month

Out-of-bounds reads and a process crash in Nmap through 7.99 can be triggered remotely by any host that is being scanned, or by an on-path attacker, via a crafted IPv6 packet with a truncated extension header. The root cause is an integer underflow in the `ipv6_get_data_primitive` function (libnetutil/netutil.cc) where an insufficiently strict bounds check allows the extension-header walk pointer to advance past the captured packet buffer, causing the remaining-length subtraction to wraparound to a very large value. A publicly available exploit proof-of-concept exists; this vulnerability is not currently listed in the CISA KEV catalog.

Denial Of Service Integer Overflow Nmap
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Out-of-bounds reads and a process crash in Nmap through 7.99 can be triggered remotely by any host that is being scanned, or by an on-path attacker, via a crafted IPv6 packet with a truncated extension header. The root cause is an integer underflow in the `ipv6_get_data_primitive` function (libnetutil/netutil.cc) where an insufficiently strict bounds check allows the extension-header walk pointer to advance past the captured packet buffer, causing the remaining-length subtraction to wraparound to a very large value. A publicly available exploit proof-of-concept exists; this vulnerability is not currently listed in the CISA KEV catalog.

Denial Of Service Integer Overflow Nmap
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy