Denial of Service Vulnerability in Wireshark's MEGACO Dissector
CVE-2025-13946

5.5MEDIUM

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 3 December 2025

What is CVE-2025-13946?

The MEGACO dissector in Wireshark versions 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 is affected by a vulnerability that allows an infinite loop to occur. This can lead to a denial of service, disrupting the normal functioning of the network analysis tool. Exploitation of this vulnerability can impact users by causing the application to become unresponsive, thereby affecting network diagnostics and analysis tasks.

Affected Version(s)

Wireshark 4.6.0 < 4.6.1

Wireshark 4.4.0 < 4.4.11

References

https://www.wireshark.org/security/wnpa-sec-2025-08.html

https://gitlab.com/wireshark/wireshark/-/issues/20884

issue-trackingpermissions-required

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Dec 3, 2025

JSON