{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13946", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-12-03T07:33:42.822Z", "datePublished": "2025-12-03T08:04:54.335Z", "dateUpdated": "2025-12-03T14:28:19.274Z"}, "containers": {"cna": {"title": "Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark", "descriptions": [{"lang": "en", "value": "MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected", "lessThan": "4.6.1", "versionType": "semver"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "cweId": "CWE-835", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20884", "name": "GitLab Issue #20884", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.2, 4.4.12, or above"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-12-03T08:04:54.335Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-03T14:28:11.099019Z", "id": "CVE-2025-13946", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T14:28:19.274Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-03T14:28:11.099019Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T14:28:15.659Z"}}], "cna": {"title": "Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0", "lessThan": "4.6.1", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.2, 4.4.12, or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20884", "name": "GitLab Issue #20884", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-12-03T08:04:54.335Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13946", "state": "PUBLISHED", "dateUpdated": "2025-12-03T14:28:19.274Z", "dateReserved": "2025-12-03T07:33:42.822Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-12-03T08:04:54.335Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA7C466B-F5CC-44F8-9459-B5F492F8B7BA", "versionEndExcluding": "4.4.12", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D2DBF83-3165-4923-A832-C962C1E3DF6F", "versionEndExcluding": "4.6.2", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service"}], "id": "CVE-2025-13946", "lastModified": "2025-12-05T15:10:25.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2025-12-03T08:15:48.180", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Exploit", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20884"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory", "Issue Tracking"], "url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark", "id": "2418572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418572"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service", "A flaw was found in the MEGACO dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing an infinite loop and resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "If the MEGACO protocol dissectors are not being used, they can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissectors when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"}, "name": "CVE-2025-13946", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-03T08:04:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13946\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13946\nhttps://gitlab.com/wireshark/wireshark/-/issues/20884\nhttps://www.wireshark.org/security/wnpa-sec-2025-08.html"], "statement": "This vulnerability will cause a crash in Wireshark with no other security impact. Additionally, this issue can only be exploited when a specially crafted pcap file is processed. For these reasons, this flaw has been rated with a moderate severity.", "threat_severity": "Moderate"}