CVE-2025-13499

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-13499
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13499.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-13499
Downstream
Published
2025-11-21T06:03:52.020Z
Modified
2025-12-11T19:33:37.682021Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Access of Uninitialized Pointer in Wireshark
Details

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service

Database specific 
{
    "cwe_ids": [
        "CWE-824"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13499.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
009a163470b581c7d3ee66d89c819cef1f9e50fe
Fixed
34933a027baf19835296a509be79a040e40e9330

Affected versions

v4.*

v4.4.0
v4.4.1
v4.4.10
v4.4.10rc0
v4.4.11rc0
v4.4.1rc0
v4.4.2
v4.4.2rc0
v4.4.3
v4.4.3rc0
v4.4.4
v4.4.4rc0
v4.4.5
v4.4.5rc0
v4.4.6
v4.4.6rc0
v4.4.7
v4.4.7rc0
v4.4.8
v4.4.8rc0
v4.4.9
v4.4.9rc0
v4.6.7rc0

wireshark-4.*

wireshark-4.4.0
wireshark-4.4.1
wireshark-4.4.2
wireshark-4.4.3
wireshark-4.4.4
wireshark-4.4.5
wireshark-4.4.6
wireshark-4.4.7
wireshark-4.4.8
wireshark-4.4.9

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cdfb6721e77c19d43f4787f66e9d5f2525281a22
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.6.0"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
009a163470b581c7d3ee66d89c819cef1f9e50fe
Fixed
34933a027baf19835296a509be79a040e40e9330
Database specific 
{
    "versions": [
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.11"
        }
    ]
}

Affected versions

Other

backups/ethereal@18706
ethereal-0-3-15
start

ethereal-0.*

ethereal-0.3.15

ssv0.*

ssv0.9.0
ssv0.9.0rc0
ssv0.9.0rc1
ssv0.9.1
ssv0.9.2
ssv0.9.2rc0
ssv0.9.3rc0

v1.*

v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0

v2.*

v2.1.0
v2.1.0rc0
v2.1.1
v2.1.1rc0
v2.1.2rc0
v2.3.0rc0
v2.5.0
v2.5.0rc0
v2.5.1
v2.5.1rc0
v2.5.2rc0
v2.9.0
v2.9.0rc0
v2.9.1rc0

v3.*

v3.1.0
v3.1.0rc0
v3.1.1
v3.1.1rc0
v3.1.2rc0
v3.3.0
v3.3.0rc0
v3.3.1
v3.3.1rc0
v3.3.2rc0
v3.5.0
v3.5.0rc0
v3.5.1rc0
v3.7.0
v3.7.0rc0
v3.7.1
v3.7.1rc0
v3.7.2
v3.7.2rc0
v3.7.3rc0

v4.*

v4.1.0
v4.1.0rc0
v4.1.1rc0
v4.3.0
v4.3.0rc0
v4.3.0rc1
v4.3.1
v4.3.1rc0
v4.3.2rc0
v4.4.0
v4.4.1
v4.4.10
v4.4.10rc0
v4.4.11rc0
v4.4.1rc0
v4.4.2
v4.4.2rc0
v4.4.3
v4.4.3rc0
v4.4.4
v4.4.4rc0
v4.4.5
v4.4.5rc0
v4.4.6
v4.4.6rc0
v4.4.7
v4.4.7rc0
v4.4.8
v4.4.8rc0
v4.4.9
v4.4.9rc0
v4.5.0rc0
v4.6.0
v4.6.0rc0
v4.6.0rc1

wireshark-1.*

wireshark-1.11.3
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9

wireshark-2.*

wireshark-2.1.0
wireshark-2.1.1
wireshark-2.5.0

wireshark-4.*

wireshark-4.4.0
wireshark-4.4.1
wireshark-4.4.2
wireshark-4.4.3
wireshark-4.4.4
wireshark-4.4.5
wireshark-4.4.6
wireshark-4.4.7
wireshark-4.4.8
wireshark-4.4.9