{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9817", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-09-01T23:33:21.559Z", "datePublished": "2025-09-03T07:38:58.940Z", "dateUpdated": "2025-09-04T03:55:16.710Z"}, "containers": {"cna": {"title": "NULL Pointer Dereference in Wireshark", "descriptions": [{"lang": "en", "value": "SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.4.0", "status": "affected", "lessThan": "4.4.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-476: NULL Pointer Dereference", "cweId": "CWE-476", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-03.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20642", "name": "GitLab Issue #20642", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.4.9 or above"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-09-03T07:38:58.940Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-03T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-9817"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-04T03:55:16.710Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9817", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-03T13:32:10.731990Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T13:32:23.808Z"}}], "cna": {"title": "NULL Pointer Dereference in Wireshark", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.4.9 or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2025-03.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20642", "name": "GitLab Issue #20642", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-09-03T07:38:58.940Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9817", "state": "PUBLISHED", "dateUpdated": "2025-09-03T13:32:26.453Z", "dateReserved": "2025-09-01T23:33:21.559Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-09-03T07:38:58.940Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "65ECA235-6896-45AB-AE7A-F11132A7CD99", "versionEndExcluding": "4.4.9", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service"}], "id": "CVE-2025-9817", "lastModified": "2025-10-09T19:20:23.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-09-03T08:15:31.893", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20642"}, {"source": "cve@gitlab.com", "tags": ["Third Party Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2025-03.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{"bugzilla": {"description": "Wireshark: NULL Pointer Dereference in Wireshark", "id": "2392839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392839"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "As a mitigation, users should avoid opening packet captures from untrusted sources and restrict analysis to known, reliable traffic. Running Wireshark with non-privileged accounts or in a sandboxed environment can also help minimize the impact of a crash."}, "name": "CVE-2025-9817", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-03T07:38:58Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-9817\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9817\nhttps://gitlab.com/wireshark/wireshark/-/issues/20642\nhttps://www.wireshark.org/security/wnpa-sec-2025-03.html"], "statement": "This issue is considered Moderate rather than an Important flaw because its impact is limited to application availability and does not allow for arbitrary code execution or information disclosure. The vulnerability leads to a segmentation fault in the SSH dissector, which can crash Wireshark or TShark, but only when the user opens a malicious capture file or analyzes traffic containing malformed SSH packets. Since exploitation requires user interaction (opening the file) or the ability to inject traffic into a monitored network, and the consequence is restricted to denial of service rather than compromise of confidentiality or integrity, the severity is classified as moderate.", "threat_severity": "Moderate"}