| Package | wireshark |
|---|---|
| Version | 2.6.20-0+deb10u9~deb9u2 (stretch), 2.6.20-0+deb10u10 (buster) |
| Related CVEs | CVE-2024-9781 CVE-2024-11596 CVE-2025-5601 CVE-2025-11626 CVE-2025-13946 |
Multiple vulnerabilities have been fixed in the network traffic analyzer Wireshark.
CVE-2024-9781
AppleTalk and RELOAD Framing dissector crash allows denial of service via packet injection or crafted capture file.
CVE-2024-11596
ECMP dissector crash allows denial of service via packet injection or crafted capture file.
CVE-2025-5601
Column handling crashes allows denial of service via packet injection or crafted capture file.
CVE-2025-11626
MONGO dissector infinite loop allows denial of service.
CVE-2025-13946
MEGACO dissector infinite loop in allows denial of service.
For Debian 10 buster, these problems have been fixed in version 2.6.20-0+deb10u10.
For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb10u9~deb9u2.
We recommend that you upgrade your wireshark packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.