CVE-2025-1492

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-1492
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1492.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-1492
Downstream
Related
Published
2025-02-20T01:30:46.055Z
Modified
2025-11-28T02:35:45.251250Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Uncontrolled Recursion in Wireshark
Details

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

Database specific 
{
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-674"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1492.json"
}
References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
54eedfc63953c8180b5a9c60015917cce7a2548a
Last affected
40bbca02d283129cfa15983ec558be2a348f6b30
Introduced
009a163470b581c7d3ee66d89c819cef1f9e50fe
Last affected
66d7a52feb061b71cb6ea4a35acca78664f29590

Affected versions

v4.*

v4.2.0
v4.2.1
v4.2.10
v4.2.10rc0
v4.2.1rc0
v4.2.2
v4.2.2rc0
v4.2.3
v4.2.3rc0
v4.2.4
v4.2.4rc0
v4.2.5
v4.2.5rc0
v4.2.6
v4.2.6rc0
v4.2.7
v4.2.7rc0
v4.2.8
v4.2.8rc0
v4.2.9
v4.2.9rc0
v4.4.0
v4.4.1
v4.4.1rc0
v4.4.2
v4.4.2rc0
v4.4.3
v4.4.3rc0

wireshark-4.*

wireshark-4.2.0
wireshark-4.2.1
wireshark-4.2.10
wireshark-4.2.2
wireshark-4.2.3
wireshark-4.2.4
wireshark-4.2.5
wireshark-4.2.6
wireshark-4.2.7
wireshark-4.2.8
wireshark-4.2.9
wireshark-4.4.0
wireshark-4.4.1
wireshark-4.4.2
wireshark-4.4.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1492.json"

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
009a163470b581c7d3ee66d89c819cef1f9e50fe
Fixed
e0b09115d29cbdeba0f3bafa949bfdaf515b68e7
Database specific 
{
    "versions": [
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
54eedfc63953c8180b5a9c60015917cce7a2548a
Fixed
53ee01efc5211493027894ac18e8749e4f91da64
Database specific 
{
    "versions": [
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.11"
        }
    ]
}

Affected versions

v4.*

v4.2.0
v4.2.1
v4.2.10
v4.2.10rc0
v4.2.11rc0
v4.2.1rc0
v4.2.2
v4.2.2rc0
v4.2.3
v4.2.3rc0
v4.2.4
v4.2.4rc0
v4.2.5
v4.2.5rc0
v4.2.6
v4.2.6rc0
v4.2.7
v4.2.7rc0
v4.2.8
v4.2.8rc0
v4.2.9
v4.2.9rc0
v4.4.0
v4.4.1
v4.4.1rc0
v4.4.2
v4.4.2rc0
v4.4.3
v4.4.3rc0
v4.4.4rc0

wireshark-4.*

wireshark-4.2.0
wireshark-4.2.1
wireshark-4.2.10
wireshark-4.2.2
wireshark-4.2.3
wireshark-4.2.4
wireshark-4.2.5
wireshark-4.2.6
wireshark-4.2.7
wireshark-4.2.8
wireshark-4.2.9
wireshark-4.4.0
wireshark-4.4.1
wireshark-4.4.2
wireshark-4.4.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1492.json"