CVE-2025-13674

EUVD-2025-199716
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
GitLabCNA
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wiresharkwireshark
4.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bookworm
4.0.17-0+deb12u1
not-affected
bookworm (security)
4.0.11-1~deb12u1
fixed
bullseye
3.4.10-0+deb11u1
not-affected
bullseye (security)
3.4.16-0+deb11u2
fixed
forky
4.6.4-1
fixed
sid
4.6.4-1
fixed
trixie
4.4.7-1
not-affected
trixie (security)
4.4.13-0+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://gitlab.com/wireshark/wireshark/-/issues/20770
https://www.wireshark.org/security/wnpa-sec-2025-05.html