Official certification from the Wireshark Foundation is available! Learn about becoming a Wireshark Certified Analyst.

wnpa-sec-2025-07 · HTTP3 dissector crash

Summary

Name: HTTP3 dissector crash

Docid: wnpa-sec-2025-07

Date: December 3, 2025

Affected versions: 4.6.0 to 4.6.1

Fixed versions: 4.6.2

References:

Wireshark issue 20860.
CVE-2025-13945.

Details

Description

The HTTP3 dissector could crash when decrypting traffic using a keylog file or loading a capture file that contains decryption secrets.

Impact

Discovered by Sébastien Féry. We are unaware of any exploits for this issue. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.2 or later.