wnpa-sec-2025-01 · Bundle Protocol and CBOR dissector crash
Summary
Name: Bundle Protocol and CBOR dissector crash
Docid: wnpa-sec-2025-01
Date: February 19, 2025
Affected versions: 4.4.0 to 4.4.x, 4.2.0 to 4.2.x
Fixed versions: 4.4.x, 4.2.x
References:
Wireshark issue 20373.
CVE-2025-1492.
Details
Description
The Bundle Protocol and CBOR dissectors could crash.
Impact
Discovered by OSS-Fuzz. We are unaware of any exploits for this issue. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 4.4.x, 4.2.x or later.