CVE-2025-13946

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13946

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13946.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-13946

Downstream

DEBIAN-CVE-2025-13946

DLA-4479-1

DSA-6124-1

OESA-2026-1058

OESA-2026-1059

OESA-2026-1060

OESA-2026-1061

OESA-2026-1062

UBUNTU-CVE-2025-13946

Published

2025-12-03T08:04:54.335Z

Modified

2026-02-22T08:02:02.752328Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

Details

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13946.json",
    "cwe_ids": [
        "CWE-835"
    ]
}

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

009a163470b581c7d3ee66d89c819cef1f9e50fe

Fixed

dbc56ebc569f69d60456d722c8571cf332aa282f

Introduced

cdfb6721e77c19d43f4787f66e9d5f2525281a22

Fixed

24d5e2b5a3dcb12d282d891479c17826ae1ff927

Affected versions

v4.*

v4.4.0

v4.4.1

v4.4.10

v4.4.10rc0

v4.4.11

v4.4.11rc0

v4.4.12rc0

v4.4.1rc0

v4.4.2

v4.4.2rc0

v4.4.3

v4.4.3rc0

v4.4.4

v4.4.4rc0

v4.4.5

v4.4.5rc0

v4.4.6

v4.4.6rc0

v4.4.7

v4.4.7rc0

v4.4.8

v4.4.8rc0

v4.4.9

v4.4.9rc0

v4.6.0

v4.6.1

v4.6.1rc0

v4.6.2rc0

v4.6.7rc0

wireshark-4.*

wireshark-4.4.0

wireshark-4.4.1

wireshark-4.4.2

wireshark-4.4.3

wireshark-4.4.4

wireshark-4.4.5

wireshark-4.4.6

wireshark-4.4.7

wireshark-4.4.8

wireshark-4.4.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13946.json"

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://gitlab.com/wireshark/wireshark

Events

Introduced

cdfb6721e77c19d43f4787f66e9d5f2525281a22

Fixed

291c718be4fe6c1c9d261da6dedd514c8f611834

Database specific

{
    "versions": [
        {
            "introduced": "4.6.0"
        },
        {
            "fixed": "4.6.1"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/wireshark/wireshark

Events

Introduced

009a163470b581c7d3ee66d89c819cef1f9e50fe

Fixed

34933a027baf19835296a509be79a040e40e9330

Database specific

{
    "versions": [
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.11"
        }
    ]
}

Affected versions

v4.*

v4.4.0

v4.4.1

v4.4.10

v4.4.10rc0

v4.4.11rc0

v4.4.1rc0

v4.4.2

v4.4.2rc0

v4.4.3

v4.4.3rc0

v4.4.4

v4.4.4rc0

v4.4.5

v4.4.5rc0

v4.4.6

v4.4.6rc0

v4.4.7

v4.4.7rc0

v4.4.8

v4.4.8rc0

v4.4.9

v4.4.9rc0

v4.6.0

v4.6.1rc0

wireshark-4.*

wireshark-4.4.0

wireshark-4.4.1

wireshark-4.4.2

wireshark-4.4.3

wireshark-4.4.4

wireshark-4.4.5

wireshark-4.4.6

wireshark-4.4.7

wireshark-4.4.8

wireshark-4.4.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13946.json"