diff mbox series

[scarthgap,2/2] libpcap: patch CVE-2025-11964

Message ID 20260102133234.2651606-2-peter.marko@siemens.com
State Under Review
Delegated to: Steve Sakoman
Headers show
Series [scarthgap,1/2] libpcap: patch CVE-2025-11961 | expand

Commit Message

Peter Marko Jan. 2, 2026, 1:32 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Pick patch per [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-11964

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../libpcap/libpcap/CVE-2025-11964.patch      | 33 +++++++++++++++++++
 .../libpcap/libpcap_1.10.4.bb                 |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
new file mode 100644
index 00000000000..003d21fb1f1
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
@@ -0,0 +1,33 @@ 
+From 7fabf607f2319a36a0bd78444247180acb838e69 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Sun, 7 Sep 2025 12:51:56 -0700
+Subject: [PATCH] Fix a copy-and-pasteo in utf_16le_to_utf_8_truncated().
+
+For the four octets of UTF-8 case, it was decrementing the remaining
+buffer length by 3, not 4.
+
+Thanks to a team of developers from the Univesity of Waterloo for
+reporting this.
+
+(cherry picked from commit aebfca1aea2fc8c177760a26e8f4de27b51d1b3b)
+
+CVE: CVE-2025-11964
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ fmtutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fmtutils.c b/fmtutils.c
+index a5a4fe62..78a0f8b7 100644
+--- a/fmtutils.c
++++ b/fmtutils.c
+@@ -235,7 +235,7 @@ utf_16le_to_utf_8_truncated(const wchar_t *utf_16, char *utf_8,
+ 			*utf_8++ = ((uc >> 12) & 0x3F) | 0x80;
+ 			*utf_8++ = ((uc >> 6) & 0x3F) | 0x80;
+ 			*utf_8++ = ((uc >> 0) & 0x3F) | 0x80;
+-			utf_8_len -= 3;
++			utf_8_len -= 4;
+ 		}
+ 	}
+ 
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
index df091e5ca2c..ee7d7540f67 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
@@ -16,6 +16,7 @@  SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
            file://CVE-2024-8006.patch \
            file://CVE-2025-11961-01.patch \
            file://CVE-2025-11961-02.patch \
+           file://CVE-2025-11964.patch \
           "
 
 SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f"