CVE-2025-11964
Unknown Unknown - Not Provided
Buffer Overflow in Windows libpcap UTF-8 Conversion Function

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: Tcpdump Group

Description
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11964
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tcpdump libpcap *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs on Windows systems in the libpcap library when converting Windows error messages to UTF-8. If the message contains characters that require 4 bytes in UTF-8, the function utf_16le_to_utf_8_truncated() incorrectly manages the buffer length by decrementing it by 3 instead of 4. This off-by-one error can cause the function to write data beyond the end of the provided buffer, potentially leading to memory corruption. [1]

Impact Analysis

The vulnerability can lead to buffer overflow conditions where data is written beyond the allocated buffer. While the CVSS score is low (1.9) indicating limited impact, this could potentially cause instability or unexpected behavior in applications using libpcap on Windows, possibly leading to denial of service or minor integrity issues. [1]

Mitigation Strategies

Apply the patch that fixes the off-by-one error in the utf_16le_to_utf_8_truncated() function within libpcap. This fix corrects the buffer length decrement from 3 to 4 bytes, preventing buffer overrun issues. Updating libpcap to the version that includes this fix is the recommended immediate mitigation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11964. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart