PT-2025-21250 · Net Tools+5

Published: 2025-05-14 · Updated: 2026-03-26 · CVE-2025-46836
CVSS v3.1: 6.6 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: net-tools versions up to and including 2.10
Description: The Linux network utilities in the net-tools package do not properly validate the structure of /proc files when showing interfaces. A buffer overflow in the get_name() function in interface.c can lead to a crash or possible arbitrary code execution: the function copies interface labels from /proc/net/dev into a fixed 16-byte stack buffer without bounds checking. The known attack path does not require privilege but also does not provide privilege escalation.
Recommendations: For versions up to and including 2.10, update to version 2.20 or later, which is expected to include a patch for this issue. As a temporary workaround, consider restricting access to the /proc/net/dev file to minimize the risk of exploitation.
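The missing bounds check from the description, shown as a length-checked copy into a 16-byte buffer. This is an added example, not net-tools code or its patch. The helper name parse_ifname, the NAME_BUF constant and the sample lines are assumptions, and the helper treats everything up to the first colon as the interface name.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16 /* size of the stack buffer named in the description */

/* Hypothetical helper, not net-tools code. Copies the interface name from one
 * /proc/net/dev-style line into name (at most name_sz bytes including the NUL).
 * Returns the text after ':' or NULL if the name is empty, unterminated or
 * too long; on NULL, name is left as an empty string. */
const char *parse_ifname(const char *line, char *name, size_t name_sz)
{
    const char *start;
    size_t len;

    if (line == NULL || name == NULL || name_sz == 0)
        return NULL;
    name[0] = '\0';
    while (isspace((unsigned char)*line))      /* names are right-aligned */
        line++;
    start = line;
    while (*line != '\0' && *line != ':' && !isspace((unsigned char)*line))
        line++;
    len = (size_t)(line - start);
    if (*line != ':' || len == 0 || len >= name_sz) /* check length before copying */
        return NULL;
    memcpy(name, start, len);
    name[len] = '\0';
    return line + 1;
}

int main(void)
{
    /* Constructed sample lines, not captured from a real system. */
    const char *samples[] = {
        "    lo: 1234 10 0 0",
        "  eth0:999 1 0 0",
        "abcdefghijklmnop: 1 1 0 0", /* 16-byte name: one byte too many */
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: 0 0 0 0",
    };
    char name[NAME_BUF];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *rest = parse_ifname(samples[i], name, sizeof name);
        printf("%-9s %s\n", rest ? "accepted" : "rejected", rest ? name : samples[i]);
    }
    return 0;
}
```

A name of 15 bytes is the longest that fits with its terminating NUL; anything longer is rejected before a single byte is written to the buffer.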

Exploit

Fix

LPE

RCE

Stack Overflow

Weakness Enumeration

Related Identifiers

AZL-61883
AZL-61888
BDU:2025-11073
CVE-2025-46836
DLA-4202-1
DSA-5923-1
DSA-5923-2
GHSA-PFWF-H6M3-63WF
MGASA-2025-0259
OPENSUSE-SU-2025:15428-1
OPENSUSE-SU-2026:20437-1
SUSE-SU-2025:02974-1
SUSE-SU-2025:03245-1
SUSE-SU-2025:03260-1
SUSE-SU-2025:20566-1
SUSE-SU-2025:20747-1
SUSE-SU-2025:20825-1
SUSE-SU-2025_02974-1
SUSE-SU-2025_03245-1
SUSE-SU-2025_03260-1
SUSE-SU-2026:20940-1
SUSE-SU-2026:20948-1
USN-7537-1
USN-7537-2

Affected Products

Astra Linux
Debian
Linuxmint
Suse
Ubuntu
Net Tools