Wireshark
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*
- >= 4.4.0, <= 4.4.6
- >= 4.2.0, <= 4.2.11
A denial-of-service vulnerability has been identified in Wireshark versions 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12. The issue arises from improper column handling in the dissection engine, which can lead to crashes. This vulnerability can be exploited by injecting malformed packets or by using crafted capture files that disrupt the normal processing of packet data.
Exploitation of this vulnerability causes Wireshark to crash, interrupting any ongoing packet analysis or capture processing.
The vulnerability can be reproduced by using TShark, Wireshark's command-line interface, to process a crafted capture file that exploits the column handling issue. This can be done by injecting a malformed packet into the network or by convincing a user to open a capture file containing the crafted data with Wireshark.
Users are advised to upgrade to Wireshark versions 4.4.7, 4.2.12 or later.
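To check an installation against this advisory, the following added example (not part of the advisory and not Wireshark project code) classifies a version string, such as the first line of `tshark --version`, against the version ranges listed above. It assumes the listed upper bound of 4.2.11 for the 4.2 branch, consistent with 4.2.12 being a fixed release; the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example: compare a Wireshark/TShark version with the ranges in this advisory.
# Listed as affected: 4.4.0 to 4.4.6 and 4.2.0 to 4.2.11. Fixed: 4.4.7, 4.2.12.

# Print the first x.y.z token found in the given text, or nothing if there is none.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print one of: affected, outside-listed-ranges, unknown.
# "outside-listed-ranges" only means the version is not in the ranges above;
# the advisory makes no statement about other branches.
classify_version() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -eq 4 ] && [ "$minor" -eq 4 ] && [ "$patch" -le 6 ]; then
        echo affected
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 2 ] && [ "$patch" -le 11 ]; then
        echo affected
    else
        echo outside-listed-ranges
    fi
}

# When tshark is installed, classify the local version from its banner line.
if command -v tshark >/dev/null 2>&1; then
    banner=$(tshark --version 2>/dev/null | head -n 1)
    echo "tshark: $(classify_version "$banner")"
fi
```
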