CVE-2026-13588: Heap-based Buffer Overflow in seladb PcapPlusPlus
A vulnerability was found in seladb PcapPlusPlus 25.05. It affects the function pcpp::SSLClientHelloMessage::getHandshakeVersion in the file Packet++/src/SSLHandshake.cpp of the TLS Hello Handler component. Manipulating the argument handshakeVersion can lead to a heap-based buffer overflow. The attack can be launched remotely. Attack complexity is high, and exploitability is regarded as difficult. The exploit has been publicly disclosed and may be used. The patch is identified as 98e671010bc7c87b95898c22ae289220ae92542b. It is best practice to apply the patch to resolve this issue.
AI Analysis
Technical Summary
The vulnerability CVE-2026-13588 affects seladb PcapPlusPlus version 25.05 in the TLS Hello Handler, specifically in the function pcpp::SSLClientHelloMessage::getHandshakeVersion located in Packet++/src/SSLHandshake.cpp. Improper handling of the handshakeVersion argument can cause a heap-based buffer overflow, potentially allowing remote attackers to exploit the flaw. The attack complexity is high, and no privileges or user interaction are required. Although the exploitability is difficult, the vulnerability has been publicly disclosed. A patch exists (commit 98e671010bc7c87b95898c22ae289220ae92542b), and applying it is best practice.
Potential Impact
Successful exploitation of this vulnerability can lead to a heap-based buffer overflow, which may cause application crashes or potentially allow remote code execution or other memory corruption impacts. The attack can be launched remotely without privileges or user interaction, but the complexity is high and exploitability is difficult. The vulnerability is rated medium severity with a CVSS 4.0 base score of 6.3.
Mitigation Recommendations
A patch addressing this vulnerability is available as identified by commit 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply this patch to seladb PcapPlusPlus version 25.05 to remediate the issue. No vendor advisory content is provided to confirm patch availability beyond this, so verify with the vendor for official fixes or updates. Until patched, exercise caution when processing TLS Hello messages with untrusted input.
CVSS v4.0
Score: 6.3 (medium)
Affected software
pkg:github/seladb/PcapPlusPlus
cpe:2.3:a:seladb:pcapplusplus:*:*:*:*:*:*:*:*
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-06-29T04:25:26.770Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a42a9a827e9c797193249f8
Added to database: 06/29/2026, 17:21:44 UTC
Last enriched: 06/29/2026, 17:36:50 UTC
Last updated: 06/29/2026, 18:06:31 UTC