CVE-2025-13945 PUBLISHED

Improperly Controlled Sequential Memory Allocation in Wireshark

Assigner: GitLab
Reserved: 03.12.2025 Published: 03.12.2025 Updated: 03.12.2025

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS Score: 5.5

Product Status

Vendor Wireshark Foundation
Product Wireshark
Versions Default: unaffected
  • affected from 4.6.0 to 4.6.1 (excl.)

Solutions

Upgrade to version 4.6.2 or above

Credits

  • Sébastien Féry finder

References

Problem Types

  • CWE-1325: Improperly Controlled Sequential Memory Allocation CWE