Bug 2417250 (CVE-2025-13674)
| Summary: | CVE-2025-13674 Wireshark: Wireshark: BPv7 dissector crash leads to denial of service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw in the BPv7 (Bundle Protocol v7) dissector in Wireshark 4.6.0 can cause the application to crash when processing certain malformed packets or trace files. The bug was discovered during internal fuzzing and occurs due to a use-after-free memory error triggered while decoding BPv7 elements.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2417510, 2417511 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-11-26 12:01:25 UTC
|