CVE Vulnerabilities

CVE-2026-1681

Uncontrolled Recursion

Published: May 12, 2026 | Modified: Jul 08, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

Issuing an ICMP ping via the net ping shell command to a devices own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

NameVendorStart VersionEnd Version
ZephyrZephyrproject*4.3.0 (including)

Potential Mitigations

References