{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-29976", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-26T15:29:41.020Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T14:40:39.938Z"}, "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ZerBea/hcxtools/issues/365"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T15:29:38.159106Z", "id": "CVE-2026-29976", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:29:41.020Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-29976", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T15:29:38.159106Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:29:35.787Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/ZerBea/hcxtools/issues/365"}], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-26T14:40:39.938Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29976", "state": "PUBLISHED", "dateUpdated": "2026-03-26T15:29:41.020Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zerbea:hcxtools:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA1414B9-89D6-48FB-890E-F8C4A5985AA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function"}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de b\u00fafer en ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e permite a un atacante local obtener informaci\u00f3n sensible a trav\u00e9s de la funci\u00f3n getradiotapfield()"}], "id": "CVE-2026-29976", "lastModified": "2026-04-02T19:37:58.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T15:16:36.137", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/ZerBea/hcxtools/issues/365"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "hcxpcapngtool: hcxtools: ZerBea hcxpcapngtool: Information disclosure via buffer overflow in getradiotapfield() function", "id": "2451745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451745"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-120", "details": ["A flaw was found in ZerBea hcxpcapngtool. A local attacker can exploit a buffer overflow vulnerability within the `getradiotapfield()` function. This can lead to the disclosure of sensitive information."], "name": "CVE-2026-29976", "public_date": "2026-03-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-29976\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-29976\nhttps://github.com/ZerBea/hcxtools/issues/365"], "statement": "This Low impact vulnerability affects Red Hat Community Projects, specifically the `hcxtools` component. A local attacker can exploit a buffer overflow in the `getradiotapfield()` function, potentially leading to the disclosure of sensitive information.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "7.0.1-43-g2ee308e"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "hcxpcapngtool", "vendor": "zerbea"}], "analysis": {"en": {"generated_at": "2026-04-02T23:10:13.315246+00:00", "value": {"mitigation_remediation": ["Upgrade ZerBea hcxtools to the latest release that patches the getradiotapfield buffer overflow.", "If an upgrade is not immediately feasible, limit the use of hcxtools to trusted users and isolate the tool in a sandboxed environment.", "Verify the integrity of the hcxtools binary by checking its checksum or signature against the vendor\u2019s published values."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is ZerBea hcxtools version 7.0.1\u201143\u2011g2ee308e. No other vendors or product variants are listed as impacted, and earlier or later releases are presumed not to contain the same defect unless they retain the vulnerable code path.", "description_and_impact": "A buffer overflow occurs in the getradiotapfield() function of the hcxpcapngtool component within ZerBea hcxtools. The flaw arises from inadequate bounds checking and is classified as CWE\u2011120. An attacker with local access to the system can trigger the overflow by providing a crafted capture file, enabling the reading of memory beyond the intended buffer and exposing sensitive data such as configuration details or potentially confidential network traffic metadata. The vulnerability does not provide direct execution of arbitrary code or privilege escalation, but the information revealed could be used for further attacks.", "risk_and_exploitability": "The CVSS score of 6.2 reflects a medium severity impact, while the EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not present in CISA\u2019s KEV catalog. Exploitation requires local presence on the host where the tool is installed, and typically involves the creation or manipulation of a capture file that triggers the overflow. Even with a low probability of exploitation, the information exposure justifies prompt remediation."}}}}, "created": "2026-03-27T08:36:28.414675+00:00", "updated": "2026-04-03T09:39:01.325859+00:00", "vendors": ["zerbea", "zerbea$PRODUCT$hcxpcapngtool"]}