CVE-2025-11961 (GCVE-0-2025-11961)

Vulnerability from cvelistv5 – Published: 2025-12-31 00:56 – Updated: 2025-12-31 00:56
VLAI?
Title
OOBR and OOBW in pcap_ether_aton() in libpcap
Summary
pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.
Severity ?
1.9 (Low)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
The Tcpdump Group libpcap Affected: 0 , < 1.10.6 (semver)
Create a notification for this product.
Credits
Jin Wei Kunwei Qian Ping Chen
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libpcap",
          "programFiles": [
            "nametoaddr.c"
          ],
          "programRoutines": [
            {
              "name": "pcap_ether_aton()"
            }
          ],
          "repo": "https://github.com/the-tcpdump-group/libpcap/",
          "vendor": "The Tcpdump Group",
          "versions": [
            {
              "lessThan": "1.10.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jin Wei"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Kunwei Qian"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ping Chen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer.  The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented.  If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-31T00:56:16.310Z",
        "orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
        "shortName": "Tcpdump"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "In libpcap 1.10.6 the function has been reimplemented to apply a stricter input validation and to fail safely if the input is invalid."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "OOBR and OOBW in pcap_ether_aton() in libpcap"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
    "assignerShortName": "Tcpdump",
    "cveId": "CVE-2025-11961",
    "datePublished": "2025-12-31T00:56:16.310Z",
    "dateReserved": "2025-10-20T13:42:36.190Z",
    "dateUpdated": "2025-12-31T00:56:16.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-11961\",\"sourceIdentifier\":\"security@tcpdump.org\",\"published\":\"2025-12-31T01:15:54.500\",\"lastModified\":\"2025-12-31T20:42:15.637\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer.  The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented.  If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@tcpdump.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":1.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@tcpdump.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-126\"}]}],\"references\":[{\"url\":\"https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02\",\"source\":\"security@tcpdump.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.