CVE-2025-11964

CVE-2025-11964

Name

CVE-2025-11964

Description

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
patch	https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69

Type

URI

patch

https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69

CPE URI	Source package	Min version	Max version
	libpcap	>= 1.10.0	< 1.10.6

CPE URI

Source package

Min version

Max version

libpcap

>= 1.10.0

< 1.10.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libpcap	edge-main	1.10.5-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
libpcap	edge-main	1.10.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libpcap	3.23-main	1.10.5-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
libpcap	3.22-main	1.10.5-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
libpcap	3.21-main	1.10.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libpcap	3.20-main	1.10.4-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libpcap	3.19-main	1.10.4-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libpcap

edge-main

1.10.5-r1

Celeste <cielesti@protonmail.com>

possibly vulnerable

libpcap

edge-main