Denial of Service Vulnerability in Wireshark by The Wireshark Foundation
CVE-2025-5601

7.8 HIGH

Key Information:

Vendor: Wireshark

Status
Vendor
CVE Published: 4 June 2025

Badges

👾 Exploit Exists, 📰 News Worthy

What is CVE-2025-5601?

Wireshark versions 4.4.0 through 4.4.6 and 4.2.0 through 4.2.12 are susceptible to a denial of service vulnerability caused by improper handling of columns. An attacker can trigger it through packet injection or through a specially crafted capture file, crashing the application and interrupting service. Users of affected versions should upgrade to 4.4.7 or 4.2.13, the first releases outside the affected ranges.

Affected Version(s)

Wireshark 4.4.0 < 4.4.7

Wireshark 4.2.0 < 4.2.13

News Articles

Wireshark Vulnerability Allows Attackers to Launch DoS Attacks

This flaw, identified as "Dissection engine crash", stems from a bug in the column utility module used by Wireshark's dissectors.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
