{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13499", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-11-21T05:33:17.924Z", "datePublished": "2025-11-21T06:03:52.020Z", "dateUpdated": "2025-12-11T15:34:55.962Z"}, "containers": {"cna": {"title": "Access of Uninitialized Pointer in Wireshark", "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-824: Access of Uninitialized Pointer", "cweId": "CWE-824", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823", "name": "GitLab Issue #20823", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.1, 4.4.11, or above"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-11-21T06:03:52.020Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-22T04:55:20.177632Z", "id": "CVE-2025-13499", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T15:34:55.962Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-22T04:55:20.177632Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T15:14:50.466Z"}}], "cna": {"title": "Access of Uninitialized Pointer in Wireshark", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.1, 4.4.11, or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823", "name": "GitLab Issue #20823", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-11-21T06:03:52.020Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13499", "state": "PUBLISHED", "dateUpdated": "2025-12-11T15:34:55.962Z", "dateReserved": "2025-11-21T05:33:17.924Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-11-21T06:03:52.020Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2B38884-8DE8-49C6-AEF4-CE0D1676E617", "versionEndExcluding": "4.4.11", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC49CB33-4C79-4664-AC90-7CA539476EE7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "id": "CVE-2025-13499", "lastModified": "2025-12-03T19:36:21.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-11-21T06:15:48.203", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: Access of Uninitialized Pointer in Wireshark", "id": "2416293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416293"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "status": "draft"}, "cwe": "CWE-824", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-13499", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-21T06:03:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13499\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13499\nhttps://gitlab.com/wireshark/wireshark/-/commit/49137f8ce93c9f7ac55b69c8e089ba6a422f633e\nhttps://gitlab.com/wireshark/wireshark/-/issues/20823\nhttps://www.wireshark.org/security/wnpa-sec-2025-06.html"], "threat_severity": "Important"}

{"created": "2025-11-24T09:10:00.119951+00:00", "updated": "2025-11-24T09:10:00.119999+00:00", "vendors": ["wireshark", "wireshark$PRODUCT$wireshark"]}