MNBSD-2026-17: out-of-bounds read/write in pcap_ether_aton via a malformed MAC address

Severity: Unknown

Affected Package: libpcap

Summary: out-of-bounds read/write in pcap_ether_aton via a malformed MAC address

Description

pcap_ether_aton() in libpcap used an unbounded loop that parsed a caller-supplied MAC-48 address string without validating its format before allocation, allowing an out-of-bounds read and write when a malformed address string is supplied. Fixed by backporting the libpcap 1.10.6 input validation (upstream commit b2d2f9a9).

Affected Versions

libpcap

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2025-11961

Published: June 11, 2026
Last Modified: June 11, 2026