Severity: Unknown
Affected Package: libpcap
Summary: out-of-bounds read/write in pcap_ether_aton via a malformed MAC address
pcap_ether_aton() in libpcap used an unbounded loop that parsed a caller-supplied MAC-48 address string without validating its format before allocation, allowing an out-of-bounds read and write when a malformed address string is supplied. Fixed by backporting the libpcap 1.10.6 input validation (upstream commit b2d2f9a9).
No specific recommendations provided.
Aliases: CVE-2025-11961
Published: June 11, 2026
Last Modified: June 11, 2026