CVE-2025-1492 — Uncontrolled Recursion in Foundation Wireshark

CWE-674 — Uncontrolled Recursion6 documents6 sources

Severity

7.5HIGHNVD

CNA7.8

EPSS

0.1%

top 83.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Foundation Wireshark Wireshark

Timeline

PublishedFeb 20

Description

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5wireshark_foundation/wireshark4.4.0 — 4.4.4+1

▶Debianwireshark/wireshark< 4.4.4-1+1

▶NVDwireshark/wireshark4.2.0 — 4.2.10+1

🔴Vulnerability Details

OSV

CVE-2025-1492: Bundle Protocol and CBOR dissector crashes in Wireshark 4↗2025-02-20

▶

CVEList

Uncontrolled Recursion in Wireshark↗2025-02-20

▶

GHSA

GHSA-hrqm-vf6v-j4gp: Bundle Protocol and CBOR dissector crashes in Wireshark 4↗2025-02-20

▶

📋Vendor Advisories

Red Hat

wireshark: Uncontrolled Recursion in Wireshark↗2025-02-20

▶

Debian

CVE-2025-1492: wireshark - Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0...↗2025

▶