CVE Catalog

CVE-2026-13589

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Summary

A heap-based buffer overflow vulnerability exists in PcapPlusPlus 25.05 in the pcpp::TelnetLayer::getSubCommand function of TelnetLayer.cpp. The attack can be initiated remotely but is difficult to exploit. A public exploit is available.

Risk Assessment

Successful exploitation could lead to remote code execution or application crash, posing a risk to systems handling Telnet traffic.

Recommendation

Apply the patch identified by 98e671010bc7c87b95898c22ae289220ae92542b immediately and update PcapPlusPlus to a version after 25.05.

Original NVD description (English source)

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS