{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13499", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-11-21T05:33:17.924Z", "datePublished": "2025-11-21T06:03:52.020Z", "dateUpdated": "2026-03-27T13:56:58.105Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"status": "affected", "version": "4.6.0"}, {"lessThan": "4.4.11", "status": "affected", "version": "4.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-03-27T13:56:58.105Z"}, "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}, {"name": "GitLab Issue #20823", "tags": ["issue-tracking", "permissions-required"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.1, 4.4.11, or above"}], "title": "Access of Uninitialized Pointer in Wireshark"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-22T04:55:20.177632Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:07:40.594Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-22T04:55:20.177632Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T15:14:50.466Z"}}], "cna": {"title": "Access of Uninitialized Pointer in Wireshark", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.11", "versionType": "semver"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.1, 4.4.11, or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823", "name": "GitLab Issue #20823", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-03-27T13:56:58.105Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13499", "state": "PUBLISHED", "dateUpdated": "2026-03-27T13:56:58.105Z", "dateReserved": "2025-11-21T05:33:17.924Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-11-21T06:03:52.020Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2B38884-8DE8-49C6-AEF4-CE0D1676E617", "versionEndExcluding": "4.4.11", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:4.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "80D1CE07-2473-4F8C-98A9-C7E2959CC724", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "id": "CVE-2025-13499", "lastModified": "2025-12-31T01:14:40.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-11-21T06:15:48.203", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "cve@gitlab.com", "type": "Secondary"}]}

{"bugzilla": {"description": "wireshark: Access of Uninitialized Pointer in Wireshark", "id": "2416293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416293"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "status": "draft"}, "cwe": "CWE-824", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-13499", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-21T06:03:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13499\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13499\nhttps://gitlab.com/wireshark/wireshark/-/commit/49137f8ce93c9f7ac55b69c8e089ba6a422f633e\nhttps://gitlab.com/wireshark/wireshark/-/issues/20823\nhttps://www.wireshark.org/security/wnpa-sec-2025-06.html"], "threat_severity": "Important"}

{"created": "2025-11-24T09:10:00.119951+00:00", "updated": "2025-11-24T09:10:00.119999+00:00", "vendors": ["wireshark", "wireshark$PRODUCT$wireshark"]}