Home > Vulnerability Database > CVE-2025-11961

Mend.io Vulnerability Database

CVE-2025-11961

Good to know:

Date: December 30, 2025

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.

Severity Score

1.9

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11961

Url: https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02

Url: https://www.mend.io/vulnerability-database/CVE-2025-11961

Severity Score

1.9

Weakness Type (CWE)

Buffer Over-read

CWE-126

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version https://github.com/the-tcpdump-group/libpcap.git - libpcap-1.10.6

Learn More

CVSS v3.1

Base Score:	1.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11961

Good to know:

Date: December 30, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?