{"api_version":"1","generated_at":"2026-05-13T07:40:48+00:00","cve":"CVE-2025-46836","urls":{"html":"https://cve.report/CVE-2025-46836","api":"https://cve.report/api/cve/CVE-2025-46836.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-46836","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-46836"},"summary":{"title":"net-tools Stack-based Buffer Overflow vulnerability","description":"net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2025-05-14 23:15:48","updated_at":"2026-05-12 13:17:19"},"problem_types":["CWE-20","CWE-121","CWE-20 CWE-20: Improper Input Validation","CWE-121 CWE-121: Stack-based Buffer Overflow"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"6.6","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.6","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","version":"3.1"}}],"references":[{"url":"https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d","name":"https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00053.html","name":"https://lists.debian.org/debian-lts-announce/2025/05/msg00053.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-577017.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-577017.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/ecki/net-tools/security/advisories/GHSA-pfwf-h6m3-63wf","name":"https://github.com/ecki/net-tools/security/advisories/GHSA-pfwf-h6m3-63wf","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-46836","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46836","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"ecki","product":"net-tools","version":"affected <= 2.10","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX MX5000","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX MX5000RE","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1400","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1500","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1501","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1510","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1511","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1512","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1524","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX1536","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM ROX RX5000","version":"affected V2.17.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"46836","cve":"CVE-2025-46836","epss":"0.001370000","percentile":"0.331810000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-46836","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-05-15T15:34:45.640215Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-05-15T15:36:08.950Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-05-31T23:03:06.548Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00053.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"RUGGEDCOM ROX MX5000","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX MX5000RE","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1400","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1500","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1501","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1510","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1511","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1512","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1524","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX1536","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"RUGGEDCOM ROX RX5000","vendor":"Siemens","versions":[{"lessThan":"V2.17.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:08:12.154Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-577017.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"product":"net-tools","vendor":"ecki","versions":[{"status":"affected","version":"<= 2.10"}]}],"descriptions":[{"lang":"en","value":"net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20: Improper Input Validation","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-121","description":"CWE-121: Stack-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-05-14T22:59:19.997Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/ecki/net-tools/security/advisories/GHSA-pfwf-h6m3-63wf","tags":["x_refsource_CONFIRM"],"url":"https://github.com/ecki/net-tools/security/advisories/GHSA-pfwf-h6m3-63wf"},{"name":"https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d","tags":["x_refsource_MISC"],"url":"https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d"}],"source":{"advisory":"GHSA-pfwf-h6m3-63wf","discovery":"UNKNOWN"},"title":"net-tools Stack-based Buffer Overflow vulnerability"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2025-46836","datePublished":"2025-05-14T22:59:19.997Z","dateReserved":"2025-04-30T19:41:58.136Z","dateUpdated":"2026-05-12T12:08:12.154Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-05-14 23:15:48","lastModifiedDate":"2026-05-12 13:17:19","problem_types":["CWE-20","CWE-121","CWE-20 CWE-20: Improper Input Validation","CWE-121 CWE-121: Stack-based Buffer Overflow"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"46836","Ordinal":"1","Title":"net-tools Stack-based Buffer Overflow vulnerability","CVE":"CVE-2025-46836","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"46836","Ordinal":"1","NoteData":"net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.","Type":"Description","Title":"net-tools Stack-based Buffer Overflow vulnerability"}]}}}