#1140916 nmap: CVE-2026-58058

Package:
src:nmap
Source:
src:nmap
Submitter:
Salvatore Bonaccorso
Date:
2026-06-28 11:51:02 UTC
Severity:
normal
Tags:
#1140916#5
Date:
2026-06-28 11:49:11 UTC
From:
To:
Hi,

The following vulnerability was published for nmap.

CVE-2026-58058[0]:
| Nmap through 7.99 does not keep the IPv6 extension-header walk
| within the captured packet in ipv6_get_data_primitive
| (libnetutil/netutil.cc), so the pointer advances past the buffer and
| the remaining-length computation underflows to a large value. A
| scanned target or on-path attacker returning a crafted IPv6 response
| with a truncated extension header can trigger out-of-bounds reads
| and a crash during raw IPv6 scans.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-58058
https://www.cve.org/CVERecord?id=CVE-2026-58058
[1] https://github.com/bikini/exploitarium/tree/main/nmap-ipv6-extlen-wrap-poc
[2] https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore