Libpcap

Source repositories

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-11964	Low	0.05	1.9	0.00		Dec 31, 2025	On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
CVE-2025-11961	Low	0.05	1.9	0.00		Dec 31, 2025	pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.