2426396 – (CVE-2025-11961) CVE-2025-11961 libpcap: libpcap: Memory corruption via malformed MAC-48 address input

Bug 2426396 (CVE-2025-11961) - CVE-2025-11961 libpcap: libpcap: Memory corruption via malformed MAC-48 address input

Summary: CVE-2025-11961 libpcap: libpcap: Memory corruption via malformed MAC-48 addre...

Keywords:
Status:	NEW
Alias:	CVE-2025-11961
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2426630 2426631
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-31 02:01 UTC by OSIDB Bzimport
Modified:	2026-01-01 11:57 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-31 02:01:23 UTC

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer.  The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented.  If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.

Note You need to log in before you can comment on or make changes to this bug.