CVE-2025-11961

Published: Dec 31, 2025

Modified: Jan 2, 2026

PUBLISHED

CVSS v3.1

1.9

LOW

Description

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.

Vendor	Product	Versions
The Tcpdump Group	libpcap	affected `0 - < 1.10.6`

Weaknesses (CWE)

CWE-126

CWE-122

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-11961

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References