CVE-2025-5601: 
Wireshark vulnerability analysis and mitigation

A critical security vulnerability (CVE-2025-5601) was disclosed on June 4, 2025, affecting Wireshark versions 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12. The vulnerability, identified as 'Dissection engine crash' (wnpa-sec-2025-02), stems from a bug in the column utility module used by Wireshark's dissectors (Wireshark Advisory, GitLab Issue).

The vulnerability is classified as high severity with a CVSS score of 7.8. The technical root cause lies in how Wireshark handles column data during packet dissection, specifically involving a buffer copy operation without proper input size checking (CWE-120). This unsafe operation can lead to memory corruption and application crashes during both live packet capture and analysis of saved packet trace files (GBHackers).

The vulnerability allows attackers to cause denial of service (DoS) conditions through two primary methods: by injecting malformed packets onto a network being monitored by Wireshark, or by convincing users to open specially crafted capture files. The issue can also be triggered by simply clicking on a column header in the packet list, causing a segmentation fault in affected versions (GBHackers).

Users are strongly advised to upgrade to Wireshark versions 4.4.7, 4.2.13, or later to address this vulnerability. For environments where immediate upgrades are not feasible, users should avoid opening untrusted packet capture files and restrict network access to trusted sources only (Wireshark Advisory).