CVE-2025-11961Heap-based Buffer Overflow in Tcpdump Group Libpcap

CWE-122Heap-based Buffer OverflowCWE-126Buffer Over-readCWE-787Out-of-bounds Write8 documents8 sources
Severity
1.9LOWNVD
EPSS
0.0%
top 95.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
THE Tcpdump Group LibpcapTcpdump Libpcap
Timeline
PublishedDec 31

Description

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 0.5 | Impact: 1.4

Affected Packages2 packages

CVEListV5the_tcpdump_group/libpcap< 1.10.6
Debiantcpdump/libpcap< 1.10.6-1

🔴Vulnerability Details

3
OSV
CVE-2025-11961: pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer2025-12-31
GHSA
GHSA-x25x-vjrm-h7qq: pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer2025-12-31
CVEList
OOBR and OOBW in pcap_ether_aton() in libpcap2025-12-31

📋Vendor Advisories

3
Red Hat
libpcap: libpcap: Memory corruption via malformed MAC-48 address input2025-12-31
Microsoft
OOBR and OOBW in pcap_ether_aton() in libpcap2025-12-09
Debian
CVE-2025-11961: libpcap - pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argumen...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-11961 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-11961 — Heap-based Buffer Overflow | cvebase