CVE-2025-11964
low-risk
Published 2025-12-31
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
Do I need to act?
-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
1
CVSS 1.9/10
Low
LOCAL
/ HIGH complexity
10
/ 100
low-risk
Severity
5/34 · Minimal
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal