Vulnerability-Lookup

WID-SEC-W-2026-1311

Vulnerability from csaf_certbund - Published: 2026-04-29 22:00 - Updated: 2026-06-04 22:00

Summary

Wireshark: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Wireshark ist eine Software zum Mitschneiden von Netzwerkverkehr und zur Analyse von Netzwerkprotokollen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Wireshark ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-5299

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5401

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5402

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5403

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5404

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5405

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5406

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5407

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5408

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5409

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5653

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5654

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5655

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5656

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-5657

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6519

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6520

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6521

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6522

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6523

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6524

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6525

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6526

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6527

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6528

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6529

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6530

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6531

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6532

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6533

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6534

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6535

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6536

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6537

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6538

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6868

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6869

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-6870

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-7375

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-7376

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-7378

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

CVE-2026-7379

Affected products

Known affected 7 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Wireshark <4.4.15 Open Source / Wireshark		<4.4.15
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Wireshark <4.6.5 Open Source / Wireshark		<4.6.5
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Red Hat Enterprise Linux 10 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:10`	10

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.wireshark.org/docs/relnotes/wireshark…	external
https://www.wireshark.org/docs/relnotes/wireshark…	external
https://www.wireshark.org/download.html	external
https://security-tracker.debian.org/tracker/DSA-6249-1	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:20600	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://errata.build.resf.org/RLSA-2026:20600	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Wireshark ist eine Software zum Mitschneiden von Netzwerkverkehr und zur Analyse von Netzwerkprotokollen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Wireshark ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1311 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1311.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1311 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1311"
      },
      {
        "category": "external",
        "summary": "Wireshark 4.4.15 Release Notes vom 2026-04-29",
        "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.4.15.html"
      },
      {
        "category": "external",
        "summary": "Wireshark 4.6.5 release notes vom 2026-04-29",
        "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.6.5.html"
      },
      {
        "category": "external",
        "summary": "Wireshark Security Advisory  vom 2026-04-29",
        "url": "https://www.wireshark.org/download.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6249 vom 2026-05-07",
        "url": "https://security-tracker.debian.org/tracker/DSA-6249-1"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20685-1 vom 2026-05-08",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TMO2ZT2J2UGZ4EYXVISTJKFMGLLGSTGV/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21559-1 vom 2026-05-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025962.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20600 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:20600"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2203-1 vom 2026-06-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026423.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:20600 vom 2026-06-04",
        "url": "https://errata.build.resf.org/RLSA-2026:20600"
      }
    ],
    "source_lang": "en-US",
    "title": "Wireshark: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-04T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-05T08:35:25.849+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1311",
      "initial_release_date": "2026-04-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-26459, EUVD-2026-26463, EUVD-2026-26462, EUVD-2026-26460, EUVD-2026-26785"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-05-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-06-04T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.6.5",
                "product": {
                  "name": "Open Source Wireshark \u003c4.6.5",
                  "product_id": "T053416"
                }
              },
              {
                "category": "product_version",
                "name": "4.6.5",
                "product": {
                  "name": "Open Source Wireshark 4.6.5",
                  "product_id": "T053416-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:wireshark:wireshark:4.6.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.4.15",
                "product": {
                  "name": "Open Source Wireshark \u003c4.4.15",
                  "product_id": "T053417"
                }
              },
              {
                "category": "product_version",
                "name": "4.4.15",
                "product": {
                  "name": "Open Source Wireshark 4.4.15",
                  "product_id": "T053417-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:wireshark:wireshark:4.4.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Wireshark"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "Red Hat Enterprise Linux 10",
                  "product_id": "T054653",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-5299",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5299"
    },
    {
      "cve": "CVE-2026-5401",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5401"
    },
    {
      "cve": "CVE-2026-5402",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5402"
    },
    {
      "cve": "CVE-2026-5403",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5403"
    },
    {
      "cve": "CVE-2026-5404",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5404"
    },
    {
      "cve": "CVE-2026-5405",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5405"
    },
    {
      "cve": "CVE-2026-5406",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5406"
    },
    {
      "cve": "CVE-2026-5407",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5407"
    },
    {
      "cve": "CVE-2026-5408",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5408"
    },
    {
      "cve": "CVE-2026-5409",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5409"
    },
    {
      "cve": "CVE-2026-5653",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5653"
    },
    {
      "cve": "CVE-2026-5654",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5654"
    },
    {
      "cve": "CVE-2026-5655",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5655"
    },
    {
      "cve": "CVE-2026-5656",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5656"
    },
    {
      "cve": "CVE-2026-5657",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-5657"
    },
    {
      "cve": "CVE-2026-6519",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6519"
    },
    {
      "cve": "CVE-2026-6520",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6520"
    },
    {
      "cve": "CVE-2026-6521",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6521"
    },
    {
      "cve": "CVE-2026-6522",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6522"
    },
    {
      "cve": "CVE-2026-6523",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6523"
    },
    {
      "cve": "CVE-2026-6524",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6524"
    },
    {
      "cve": "CVE-2026-6525",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6525"
    },
    {
      "cve": "CVE-2026-6526",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6526"
    },
    {
      "cve": "CVE-2026-6527",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6527"
    },
    {
      "cve": "CVE-2026-6528",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6528"
    },
    {
      "cve": "CVE-2026-6529",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6529"
    },
    {
      "cve": "CVE-2026-6530",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6530"
    },
    {
      "cve": "CVE-2026-6531",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6531"
    },
    {
      "cve": "CVE-2026-6532",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6532"
    },
    {
      "cve": "CVE-2026-6533",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6533"
    },
    {
      "cve": "CVE-2026-6534",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6534"
    },
    {
      "cve": "CVE-2026-6535",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6535"
    },
    {
      "cve": "CVE-2026-6536",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6536"
    },
    {
      "cve": "CVE-2026-6537",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6537"
    },
    {
      "cve": "CVE-2026-6538",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6538"
    },
    {
      "cve": "CVE-2026-6868",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6868"
    },
    {
      "cve": "CVE-2026-6869",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6869"
    },
    {
      "cve": "CVE-2026-6870",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-6870"
    },
    {
      "cve": "CVE-2026-7375",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-7375"
    },
    {
      "cve": "CVE-2026-7376",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-7376"
    },
    {
      "cve": "CVE-2026-7378",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-7378"
    },
    {
      "cve": "CVE-2026-7379",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T053417",
          "T027843",
          "T053416",
          "T032255",
          "T054653"
        ]
      },
      "release_date": "2026-04-29T22:00:00.000+00:00",
      "title": "CVE-2026-7379"
    }
  ]
}

CVE-2026-5299 (GCVE-0-2026-5299)

Vulnerability from cvelistv5 – Published: 2026-04-30 05:39 – Updated: 2026-04-30 12:53

Title

Uncontrolled Recursion in Wireshark

Summary

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitLab

References

2 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21077	issue-trackingpermissions-required

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Brendan Coles

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5299",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T12:53:18.338809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T12:53:49.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brendan Coles"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T05:39:24.216Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-12.html"
        },
        {
          "name": "GitLab Issue #21077",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21077"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Uncontrolled Recursion in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5299",
    "datePublished": "2026-04-30T05:39:24.216Z",
    "dateReserved": "2026-04-01T05:33:12.299Z",
    "dateUpdated": "2026-04-30T12:53:49.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5401 (GCVE-0-2026-5401)

Vulnerability from cvelistv5 – Published: 2026-04-30 05:39 – Updated: 2026-04-30 13:00

Title

Uncontrolled Recursion in Wireshark

Summary

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitLab

References

2 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21088	issue-trackingpermissions-required

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Brendan Coles

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5401",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T13:00:37.649384Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T13:00:48.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.com/wireshark/wireshark/-/issues/21088"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brendan Coles"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T05:39:09.207Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-13.html"
        },
        {
          "name": "GitLab Issue #21088",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21088"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Uncontrolled Recursion in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5401",
    "datePublished": "2026-04-30T05:39:09.207Z",
    "dateReserved": "2026-04-02T06:33:06.811Z",
    "dateUpdated": "2026-04-30T13:00:48.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5402 (GCVE-0-2026-5402)

Vulnerability from cvelistv5 – Published: 2026-04-30 05:39 – Updated: 2026-05-01 15:27

Title

Heap-based Buffer Overflow in Wireshark

Summary

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

GitLab

References

2 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21090	issue-trackingpermissions-required

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver)

Credits

Duc Anh Nguyen

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5402",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T03:55:49.825913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T15:27:02.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Duc Anh Nguyen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T05:39:14.217Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-14.html"
        },
        {
          "name": "GitLab Issue #21090",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21090"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Heap-based Buffer Overflow in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5402",
    "datePublished": "2026-04-30T05:39:14.217Z",
    "dateReserved": "2026-04-02T06:33:11.664Z",
    "dateUpdated": "2026-05-01T15:27:02.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5403 (GCVE-0-2026-5403)

Vulnerability from cvelistv5 – Published: 2026-04-30 23:04 – Updated: 2026-05-02 03:55

Title

Heap-based Buffer Overflow in Wireshark

Summary

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

GitLab

References

2 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21103	issue-trackingpermissions-required

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Duc Anh Nguyen

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-02T03:55:27.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Duc Anh Nguyen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T23:04:03.523Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-16.html"
        },
        {
          "name": "GitLab Issue #21103",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21103"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Heap-based Buffer Overflow in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5403",
    "datePublished": "2026-04-30T23:04:03.523Z",
    "dateReserved": "2026-04-02T06:33:16.683Z",
    "dateUpdated": "2026-05-02T03:55:27.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5404 (GCVE-0-2026-5404)

Vulnerability from cvelistv5 – Published: 2026-04-30 23:04 – Updated: 2026-05-01 14:20

Title

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark

Summary

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

GitLab

References

2 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21094	issue-trackingpermissions-required

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

TODO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5404",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T14:19:54.078154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T14:20:15.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TODO"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T23:04:08.537Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-15.html"
        },
        {
          "name": "GitLab Issue #21094",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21094"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5404",
    "datePublished": "2026-04-30T23:04:08.537Z",
    "dateReserved": "2026-04-02T06:33:21.683Z",
    "dateUpdated": "2026-05-01T14:20:15.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5405 (GCVE-0-2026-5405)

Vulnerability from cvelistv5 – Published: 2026-04-30 23:03 – Updated: 2026-05-04 19:41

Title

Heap-based Buffer Overflow in Wireshark

Summary

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

GitLab

References

2 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21105	issue-trackingpermissions-required

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Duc Anh Nguyen

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5405",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-02T03:55:30.982524Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T19:41:26.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Duc Anh Nguyen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T23:03:53.654Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-17.html"
        },
        {
          "name": "GitLab Issue #21105",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21105"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Heap-based Buffer Overflow in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5405",
    "datePublished": "2026-04-30T23:03:53.654Z",
    "dateReserved": "2026-04-02T06:33:26.681Z",
    "dateUpdated": "2026-05-04T19:41:26.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5406 (GCVE-0-2026-5406)

Vulnerability from cvelistv5 – Published: 2026-04-30 05:40 – Updated: 2026-04-30 12:56

Title

Uncontrolled Recursion in Wireshark

Summary

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitLab

References

3 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21070	issue-trackingpermissions-required
https://gitlab.com/wireshark/wireshark/-/work_ite…	exploit

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Brendan Coles

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5406",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T12:55:40.481166Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T12:56:20.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21070"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brendan Coles"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T05:40:24.223Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-10.html"
        },
        {
          "name": "GitLab Issue #21070",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21070"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Uncontrolled Recursion in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5406",
    "datePublished": "2026-04-30T05:40:24.223Z",
    "dateReserved": "2026-04-02T06:33:31.669Z",
    "dateUpdated": "2026-04-30T12:56:20.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5407 (GCVE-0-2026-5407)

Vulnerability from cvelistv5 – Published: 2026-04-30 05:39 – Updated: 2026-04-30 12:54

Title

Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

Summary

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

GitLab

References

3 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21073	issue-trackingpermissions-required
https://gitlab.com/wireshark/wireshark/-/work_ite…	exploit

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Brendan Coles

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5407",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T12:54:15.707110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T12:54:35.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21073"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brendan Coles"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T05:39:29.251Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-11.html"
        },
        {
          "name": "GitLab Issue #21073",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21073"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5407",
    "datePublished": "2026-04-30T05:39:29.251Z",
    "dateReserved": "2026-04-02T06:33:36.680Z",
    "dateUpdated": "2026-04-30T12:54:35.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5408 (GCVE-0-2026-5408)

Vulnerability from cvelistv5 – Published: 2026-04-30 05:40 – Updated: 2026-04-30 12:51

Title

Uncontrolled Recursion in Wireshark

Summary

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitLab

References

3 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21067	issue-trackingpermissions-required
https://gitlab.com/wireshark/wireshark/-/work_ite…	exploit

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Brendan Coles

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5408",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T12:51:29.707385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T12:51:52.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21067"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brendan Coles"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T05:40:59.205Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-09.html"
        },
        {
          "name": "GitLab Issue #21067",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21067"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Uncontrolled Recursion in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5408",
    "datePublished": "2026-04-30T05:40:59.205Z",
    "dateReserved": "2026-04-02T06:33:41.677Z",
    "dateUpdated": "2026-04-30T12:51:52.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5409 (GCVE-0-2026-5409)

Vulnerability from cvelistv5 – Published: 2026-04-30 05:41 – Updated: 2026-04-30 12:58

Title

Uncontrolled Recursion in Wireshark

Summary

Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitLab

References

3 references

URL	Tags
https://www.wireshark.org/security/wnpa-sec-2026-…
https://gitlab.com/wireshark/wireshark/-/issues/21066	issue-trackingpermissions-required
https://gitlab.com/wireshark/wireshark/-/work_ite…	exploit

Impacted products

1 product

Vendor	Product	Version
Wireshark Foundation	Wireshark	Affected: 4.6.0 , < 4.6.5 (semver) Affected: 4.4.0 , < 4.4.15 (semver)

Credits

Brendan Coles

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5409",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T12:57:30.358494Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T12:58:18.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21066"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Wireshark",
          "vendor": "Wireshark Foundation",
          "versions": [
            {
              "lessThan": "4.6.5",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brendan Coles"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T05:41:19.212Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-08.html"
        },
        {
          "name": "GitLab Issue #21066",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/wireshark/wireshark/-/issues/21066"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 4.6.5 or above"
        }
      ],
      "title": "Uncontrolled Recursion in Wireshark"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-5409",
    "datePublished": "2026-04-30T05:41:19.212Z",
    "dateReserved": "2026-04-02T07:03:43.324Z",
    "dateUpdated": "2026-04-30T12:58:18.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1311

CVE-2026-5299 (GCVE-0-2026-5299)

CVE-2026-5401 (GCVE-0-2026-5401)

CVE-2026-5402 (GCVE-0-2026-5402)

CVE-2026-5403 (GCVE-0-2026-5403)

CVE-2026-5404 (GCVE-0-2026-5404)

CVE-2026-5405 (GCVE-0-2026-5405)

CVE-2026-5406 (GCVE-0-2026-5406)

CVE-2026-5407 (GCVE-0-2026-5407)

CVE-2026-5408 (GCVE-0-2026-5408)

CVE-2026-5409 (GCVE-0-2026-5409)

Tags

Sightings

Nomenclature