CVE-2025-11961

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-11961
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-11961.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-11961
Downstream
Related
Published
2025-12-31T01:15:54.500Z
Modified
2026-01-30T00:33:35.724741Z
Severity
  • 1.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

pcapetheraton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.

References

Affected packages

Git / github.com/the-tcpdump-group/libpcap

Affected ranges

Type
GIT
Repo
https://github.com/the-tcpdump-group/libpcap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b2d2f9a9a0581c40780bde509f7cc715920f1c02

Affected versions

libpcap-0.*
libpcap-0.6.1
libpcap-0.7.1
libpcap-0.8-bp
libpcap-1.*
libpcap-1.10-bp
libpcap-1.10.0
libpcap-1.10.1
libpcap-1.10.2
libpcap-1.10.3
libpcap-1.10.4
libpcap-1.10.5
libpcap-1.3-bp
libpcap-1.5.0
libpcap-1.6.0-bp
libpcap-1.7.0-bp
libpcap-1.8.0-bp
libpcap-1.8.1
libpcap-1.9-bp
libpcap-1.9.0-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-11961.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02",
        "target": {
            "file": "nametoaddr.c",
            "function": "pcap_ether_aton"
        },
        "id": "CVE-2025-11961-6ce1e85f",
        "digest": {
            "length": 410.0,
            "function_hash": "338532573539372724252146539691131172866"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02",
        "target": {
            "file": "nametoaddr.c"
        },
        "id": "CVE-2025-11961-6f0751ce",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "311569667773513847727913042935363540295",
                "106228714869592264064763436068520160220",
                "95986298097032568012137342931103343975",
                "254403214378536382176307593068908471968",
                "46286724075191951667710445501115730479",
                "80874710227248265914467820316748394126",
                "223950252177547405893794282149651364283",
                "23970399444445464471299991953629743808",
                "16762061561596678447394158208615903000",
                "89164239427011409971112911346121532244",
                "297440721378684511226887532710748698283",
                "313716033195347506299463177491141301343",
                "253765699520873696296756073701305251658",
                "296997619590315164428447432204036898262",
                "41317110967919725399841091712416863468",
                "298546271216788835721686224685871469976",
                "242397809105726062962625968727851191454",
                "56142706446188915423301179927568760075",
                "50914070020879022587063928716535553729",
                "92426788780852392788908933606465342640",
                "252567964987038432047843894244955908626"
            ]
        },
        "signature_type": "Line",
        "signature_version": "v1"
    }
]