CVE-2025-13945
Improperly Controlled Sequential Memory Allocation in Wireshark
In short
The HTTP3 dissector in Wireshark versions 4.6.0 and 4.6.1 crashes when processing certain network packets, causing the application to stop working. An attacker can exploit this by sending specially crafted packets to make the tool unavailable.
Technical detail
A memory allocation vulnerability in the HTTP3 dissector allows an attacker to trigger a denial of service through improperly controlled sequential memory allocation when processing malformed HTTP3 packets. The attack requires network access to send crafted packets to a system running the affected Wireshark versions, resulting in an application crash and unavailability.
Summary generated and translated by AI from the official description.
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
Wireshark Foundation · Wireshark