CVE-2025-13946
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-05
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.4.0 (inc) to 4.4.12 (exc) |
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-13946 is a vulnerability in Wireshark versions 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 where the MEGACO dissector can enter an infinite loop. This happens due to improper handling of certain malformed or oversized protocol data units, specifically related to the Bundle Protocol version 6 (bpv6) dissector. The vulnerability can cause resource exhaustion and denial of service when processing crafted capture files. [1]
How can this vulnerability impact me? :
This vulnerability can cause denial of service by making Wireshark enter an infinite loop and consume excessive CPU resources when processing specially crafted capture files. This can disrupt network analysis and monitoring activities, potentially causing system instability or unavailability of the Wireshark tool during investigation or troubleshooting. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing Wireshark or tshark logs for signs of resource exhaustion or infinite loops when processing MEGACO or bpv6 protocol packets. Specifically, look for warnings related to packet dissectors such as evaluate_sdnv() indicating truncated decoded values or repeated parsing failures of JSON constants. Using tshark with a suspicious capture file may cause the process to exceed CPU time limits or hang. Commands to monitor include running tshark on capture files and observing CPU usage or error logs, for example: `tshark -r suspicious_capture.pcap` and monitoring system resource usage with `top` or `ps` to detect hangs or high CPU consumption. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening or processing untrusted or suspicious capture files containing MEGACO or bpv6 protocol data in vulnerable versions of Wireshark (4.4.0 to 4.4.11 and 4.6.0 to 4.6.1). Consider upgrading Wireshark to a version where this vulnerability is fixed. Additionally, running Wireshark or tshark with limited privileges and monitoring resource usage can help reduce impact. If possible, disable or restrict the bpv6 dissector until a patch is applied. [1]