Overview
A medium-severity denial-of-service (DoS) vulnerability has been identified in Wireshark, specifically within the MEGACO dissector. This vulnerability, tracked as CVE-2025-13946, affects Wireshark versions 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11. An attacker could exploit this flaw by crafting malicious network traffic that triggers an infinite loop within the MEGACO dissector, leading to resource exhaustion and a denial of service condition.
Technical Details
The vulnerability resides in the MEGACO protocol dissector within Wireshark. Improper handling of specific MEGACO packets can cause the dissector to enter an infinite loop during packet analysis. This loop consumes excessive CPU resources, effectively rendering Wireshark unresponsive and potentially impacting the performance of the host system. The specific trigger conditions involve malformed or unexpected data structures within the MEGACO packet, which the dissector fails to handle gracefully.
Exploitation does not require authentication, making it easier for attackers to target vulnerable systems. The attack can be carried out by simply sending a specially crafted MEGACO packet to a system running a vulnerable version of Wireshark, or by opening a capture file containing such packets.
CVSS Analysis
This vulnerability has been assigned a CVSS score of 5.5, indicating a MEDIUM severity. The CVSS vector string is likely AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This breaks down as follows:
- AV:N (Attack Vector: Network): The attack can be launched over the network.
- AC:L (Attack Complexity: Low): Exploitation requires little to no specialized knowledge or access.
- PR:N (Privileges Required: None): No privileges are required to exploit the vulnerability.
- UI:N (User Interaction: None): No user interaction is required.
- S:U (Scope: Unchanged): The vulnerability impacts the affected component only.
- C:N (Confidentiality: None): There is no impact to confidentiality.
- I:N (Integrity: None): There is no impact to integrity.
- A:H (Availability: High): There is a high impact to availability (DoS).
Possible Impact
Successful exploitation of CVE-2025-13946 can lead to a denial-of-service condition, rendering Wireshark unusable. This can disrupt network analysis activities and potentially hinder incident response efforts. In scenarios where Wireshark is used in automated packet analysis pipelines, the DoS condition could disrupt the entire pipeline.
Mitigation and Patch Steps
The recommended mitigation is to upgrade Wireshark to a patched version that addresses the vulnerability. Specifically, upgrade to:
- Wireshark 4.6.2 or later
- Wireshark 4.4.12 or later
These versions contain fixes for the MEGACO dissector that prevent the infinite loop condition. Users unable to immediately upgrade should avoid analyzing network captures from untrusted sources, especially those containing MEGACO traffic, as a temporary workaround.
