CVE-2026-29976 identifies a buffer overflow vulnerability in the ZerBea hcxpcapngtool, a widely used tool for capturing and analyzing wireless network traffic. The vulnerability exists in the getradiotapfield() function, which processes Radiotap headers in captured packets. Improper handling of input data leads to a buffer overflow condition, allowing a local attacker to overwrite memory. This can cause the application to crash, resulting in a denial of service (DoS) condition. The vulnerability requires local access to the system running the tool, but no elevated privileges or user interaction are necessary. The CVSS 3.1 base score is 6.2, reflecting a medium severity primarily due to the impact on availability. There is no indication that confidentiality or integrity can be compromised. No patches or fixes have been released at the time of this report, and no known exploits have been observed in the wild. The vulnerability is classified under CWE-120, which corresponds to classic buffer overflow issues. Given the nature of the tool, this vulnerability primarily affects security researchers, penetration testers, and network administrators who use hcxpcapngtool for wireless security assessments.

The primary impact of this vulnerability is a denial of service, where an attacker with local access can crash the hcxpcapngtool application by exploiting the buffer overflow in getradiotapfield(). This disrupts wireless traffic analysis and may delay or hinder security investigations and network troubleshooting. Since the tool is often used in security-sensitive environments, such as penetration testing and wireless security auditing, the inability to reliably capture or analyze traffic could reduce situational awareness and delay incident response. However, the vulnerability does not allow for privilege escalation, data leakage, or code execution, limiting its overall impact. Organizations relying heavily on this tool for wireless security assessments may experience operational disruptions. The lack of remote exploitability and requirement for local access reduce the risk of widespread attacks but do not eliminate the threat in environments where multiple users share systems or where local access controls are weak.

To mitigate this vulnerability, organizations should restrict local access to systems running ZerBea hcxpcapngtool, ensuring only trusted users can execute the tool. Employ strict user account controls and monitor for unusual application crashes or behavior indicative of exploitation attempts. Until a patch is released, consider running the tool in isolated environments or virtual machines to contain potential crashes. Regularly check the official ZerBea repository and security advisories for updates or patches addressing this vulnerability. Additionally, implement robust logging and alerting to detect repeated crashes or anomalous activity related to hcxpcapngtool usage. Network segmentation and endpoint protection can further limit the impact of local attacks. Finally, educate users about the risks of running untrusted input through the tool and validate input sources where possible.