{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13499", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-11-21T05:33:17.924Z", "datePublished": "2025-11-21T06:03:52.020Z", "dateUpdated": "2025-11-22T04:55:19.670Z"}, "containers": {"cna": {"title": "Access of Uninitialized Pointer in Wireshark", "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-824: Access of Uninitialized Pointer", "cweId": "CWE-824", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823", "name": "GitLab Issue #20823", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.1, 4.4.11, or above"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-11-21T06:03:52.020Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-13499"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-22T04:55:19.670Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"}], "id": "CVE-2025-13499", "lastModified": "2025-11-21T15:13:13.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-11-21T06:15:48.203", "references": [{"source": "[email protected]", "url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"}, {"source": "[email protected]", "url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: Access of Uninitialized Pointer in Wireshark", "id": "2416293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416293"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "status": "draft"}, "cwe": "CWE-824", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-13499", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-21T06:03:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13499\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13499\nhttps://gitlab.com/wireshark/wireshark/-/commit/49137f8ce93c9f7ac55b69c8e089ba6a422f633e\nhttps://gitlab.com/wireshark/wireshark/-/issues/20823\nhttps://www.wireshark.org/security/wnpa-sec-2025-06.html"], "threat_severity": "Important"}