{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11961", "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "state": "PUBLISHED", "assignerShortName": "Tcpdump", "dateReserved": "2025-10-20T13:42:36.190Z", "datePublished": "2025-12-31T00:56:16.310Z", "dateUpdated": "2026-01-02T14:38:16.719Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libpcap", "programFiles": ["nametoaddr.c"], "programRoutines": [{"name": "pcap_ether_aton()"}], "repo": "https://github.com/the-tcpdump-group/libpcap/", "vendor": "The Tcpdump Group", "versions": [{"lessThan": "1.10.6", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Jin Wei"}, {"lang": "en", "type": "reporter", "value": "Kunwei Qian"}, {"lang": "en", "type": "reporter", "value": "Ping Chen"}], "descriptions": [{"lang": "en", "value": "pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump", "dateUpdated": "2025-12-31T00:56:16.310Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02"}], "solutions": [{"lang": "en", "value": "In libpcap 1.10.6 the function has been reimplemented to apply a stricter input validation and to fail safely if the input is invalid."}], "source": {"discovery": "EXTERNAL"}, "title": "OOBR and OOBW in pcap_ether_aton() in libpcap"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-02T14:23:09.479384Z", "id": "CVE-2025-11961", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T14:38:16.719Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11961", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-02T14:23:09.479384Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T14:23:11.003Z"}}], "cna": {"title": "OOBR and OOBW in pcap_ether_aton() in libpcap", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Jin Wei"}, {"lang": "en", "type": "reporter", "value": "Kunwei Qian"}, {"lang": "en", "type": "reporter", "value": "Ping Chen"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/the-tcpdump-group/libpcap/", "vendor": "The Tcpdump Group", "product": "libpcap", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.6", "versionType": "semver"}], "programFiles": ["nametoaddr.c"], "defaultStatus": "unaffected", "programRoutines": [{"name": "pcap_ether_aton()"}]}], "solutions": [{"lang": "en", "value": "In libpcap 1.10.6 the function has been reimplemented to apply a stricter input validation and to fail safely if the input is invalid."}], "references": [{"url": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "CWE-126 Buffer Over-read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump", "dateUpdated": "2025-12-31T00:56:16.310Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11961", "state": "PUBLISHED", "dateUpdated": "2026-01-02T14:38:16.719Z", "dateReserved": "2025-10-20T13:42:36.190Z", "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "datePublished": "2025-12-31T00:56:16.310Z", "assignerShortName": "Tcpdump"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer."}], "id": "CVE-2025-11961", "lastModified": "2025-12-31T20:42:15.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "security@tcpdump.org", "type": "Secondary"}]}, "published": "2025-12-31T01:15:54.500", "references": [{"source": "security@tcpdump.org", "url": "https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02"}], "sourceIdentifier": "security@tcpdump.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-126"}], "source": "security@tcpdump.org", "type": "Secondary"}]}

{"bugzilla": {"description": "libpcap: libpcap: Memory corruption via malformed MAC-48 address input", "id": "2426396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426396"}, "csaw": false, "cvss3": {"cvss3_base_score": "1.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "(CWE-122|CWE-126)", "details": ["pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.", "A flaw was found in libpcap. The pcap_ether_aton() function, which processes MAC-48 addresses, does not properly validate input strings. An application that calls this function with a malformed address string can cause the function to read or write data beyond its intended memory boundaries. This can lead to minor data corruption or unexpected application behavior."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-11961", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-12-31T00:56:16Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11961\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11961\nhttps://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02"], "statement": "This vulnerability is rated Low for Red Hat because it requires a specific application to call the `pcap_ether_aton()` function with a malformed MAC-48 address string. Exploitation is dependent on applications using this auxiliary function with untrusted input, which is not a common scenario in Red Hat products.", "threat_severity": "Low"}