Skip to main content

Tcpflow

3 CVEs product

Monthly

CVE-2026-25061 HIGH POC This Week

Denial-of-service attacks against tcpflow up to version 1.61 are possible via malformed 802.11 management frames that trigger a stack-based buffer overflow in TIM element parsing. An unauthenticated remote attacker can craft a specially designed wireless frame to cause a one-byte out-of-bounds write, crashing the application or potentially executing arbitrary code. Public exploit code exists, but no patches are currently available for affected Debian Linux systems and other distributions using vulnerable tcpflow versions.

Denial Of Service Tcpflow Debian Linux Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2018-18409 MEDIUM POC This Month

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpflow Fedora +1
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-14938 CRITICAL POC PATCH Act Now

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Tcpflow Ubuntu Linux
NVD GitHub
CVSS 3.0
9.1
EPSS
2.8%
EPSS 0% CVSS 7.5
HIGH POC This Week

Denial-of-service attacks against tcpflow up to version 1.61 are possible via malformed 802.11 management frames that trigger a stack-based buffer overflow in TIM element parsing. An unauthenticated remote attacker can craft a specially designed wireless frame to cause a one-byte out-of-bounds write, crashing the application or potentially executing arbitrary code. Public exploit code exists, but no patches are currently available for affected Debian Linux systems and other distributions using vulnerable tcpflow versions.

Denial Of Service Tcpflow Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +3
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL POC PATCH Act Now

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy