CVE-2026-13588

MEDIUM 5.6

seladb PcapPlusPlus TLS Hello SSLHandshake.cpp getHandshakeVersion heap-based overflow

CVSS Score

5.6

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. Executing a manipulation of the argument handshakeVersion can lead to heap-based buffer overflow. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. This patch is called 98e671010bc7c87b95898c22ae289220ae92542b. It is best practice to apply a patch to resolve this issue.

CWE	CWE-122 CWE-119
Vendor	seladb
Product	pcapplusplus
Published	Jun 29, 2026
Last Updated	Jun 29, 2026

Stay Ahead of the Next One

Get instant alerts for seladb pcapplusplus

Be the first to know when new medium vulnerabilities affecting seladb pcapplusplus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

seladb / PcapPlusPlus

25.05

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/374591 vuldb.com: https://vuldb.com/vuln/374591/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13588 vuldb.com: https://vuldb.com/submit/844481 github.com: https://github.com/seladb/PcapPlusPlus/issues/2151 github.com: https://github.com/seladb/PcapPlusPlus/pull/2161 github.com: https://github.com/user-attachments/files/28213479/poc.zip github.com: https://github.com/seladb/PcapPlusPlus/commit/98e671010bc7c87b95898c22ae289220ae92542b github.com: https://github.com/seladb/PcapPlusPlus/

Credits

🔍 TYGLS (VulDB User)