CVE-2025-11964
Buffer Overflow in Windows libpcap UTF-8 Conversion Function
Publication date: 2025-12-31
Last updated on: 2025-12-31
Assigner: Tcpdump Group
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tcpdump | libpcap | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs on Windows systems in the libpcap library when converting Windows error messages to UTF-8. If the message contains characters that require 4 bytes in UTF-8, the function utf_16le_to_utf_8_truncated() incorrectly manages the buffer length by decrementing it by 3 instead of 4. This off-by-one error can cause the function to write data beyond the end of the provided buffer, potentially leading to memory corruption. [1]
How can this vulnerability impact me? :
The vulnerability can lead to buffer overflow conditions where data is written beyond the allocated buffer. While the CVSS score is low (1.9) indicating limited impact, this could potentially cause instability or unexpected behavior in applications using libpcap on Windows, possibly leading to denial of service or minor integrity issues. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that fixes the off-by-one error in the utf_16le_to_utf_8_truncated() function within libpcap. This fix corrects the buffer length decrement from 3 to 4 bytes, preventing buffer overrun issues. Updating libpcap to the version that includes this fix is the recommended immediate mitigation. [1]