Home > Vulnerability Database > CVE-2026-25061

Mend.io Vulnerability Database

CVE-2026-25061

Good to know:

Date: January 29, 2026

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past "tim.bitmap[251]". The overflow is small and DoS is the likely impact; code execution is potential, but still up in the air. The affected structure is stack-allocated in "handle_beacon()" and related handlers. As of time of publication, no known patches are available.

Severity Score

5.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-25061

Url: https://github.com/simsong/tcpflow/security/advisories/GHSA-q5q6-frrv-9rj6

Url: https://www.mend.io/vulnerability-database/CVE-2026-25061

Severity Score

5.3

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2026-25061

Good to know:

Date: January 29, 2026

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?