Skip to main content

Wireshark ciscodump CVE-2026-15164

| EUVDEUVD-2026-42410 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-07-08 cve@gitlab.com GHSA-w5mx-46xm-8f3v
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
vuln.today AI
4.3 MEDIUM

Crafted remote capture data (AV:N) but an analyst must launch ciscodump against the source (UI:R); only the tool process crashes, so C/I:N and A:L, matching SSVC's 'partial' technical impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

10
Severity Changed
Jul 10, 2026 - 13:52 NVD
HIGH MEDIUM
CVSS changed
Jul 10, 2026 - 13:52 NVD
7.5 (HIGH) 5.5 (MEDIUM)
Analysis Updated
Jul 09, 2026 - 20:16 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 09, 2026 - 20:16 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 09, 2026 - 20:07 vuln.today
cvss_changed
Severity Changed
Jul 09, 2026 - 20:07 NVD
MEDIUM HIGH
CVSS changed
Jul 09, 2026 - 20:07 NVD
5.5 (MEDIUM) 7.5 (HIGH)
Analysis Generated
Jul 08, 2026 - 22:10 vuln.today
Patch available
Jul 08, 2026 - 22:04 EUVD
CVE Published
Jul 08, 2026 - 21:16 cve.org
MEDIUM 5.5

DescriptionNVD

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

AnalysisAI

Denial of service in Wireshark's ciscodump remote capture utility (extcap) affects versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16, where a heap-based buffer overflow (CWE-122) can crash the capture tool. An attacker able to feed crafted data to a running ciscodump session can terminate the process, disrupting live packet capture. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Analyst starts ciscodump remote capture
Delivery
Attacker-controlled Cisco source returns crafted data
Exploit
Overflow heap buffer in ciscodump parser
Execution
Corrupt heap and crash process
Impact
Capture session denied

Vulnerability AssessmentAI

Exploitation Exploitation requires that ciscodump (the Wireshark remote Cisco capture extcap) be actively used to capture from a source the attacker can influence - i.e., the analyst must initiate a ciscodump capture against a malicious or compromised Cisco device (or a network path where crafted data can be injected). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The published CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, score 7.5) rates this as network-reachable, unauthenticated, no-interaction with high availability impact - but this framing is in tension with ciscodump's real-world usage: it is an analyst-driven tool that an operator must actively launch and point at a remote Cisco source, so no-interaction network exploitation of a passive listener is unlikely. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An analyst uses ciscodump to remotely capture traffic from a Cisco device that is attacker-controlled or has been compromised; the device returns malformed capture data that triggers the heap-based buffer overflow and crashes ciscodump, aborting the capture session. A POC is referenced in the SSVC data, though no weaponized public exploit was identified. …
Remediation Vendor-released patch: upgrade Wireshark to 4.6.7 or 4.4.17 (or later), which contain the fix for the ciscodump heap overflow, per Wireshark advisory wnpa-sec-2026-63 (https://www.wireshark.org/security/wnpa-sec-2026-63.html). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Wireshark versions 4.6.0-4.6.6 or 4.4.0-4.4.16 where ciscodump is actively used for network monitoring. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2014-2299 CRITICAL POC
9.3 Mar 11

Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10

CVE-2013-4074 MEDIUM POC
5.0 Jun 09

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.

CVE-2018-6836 CRITICAL POC
9.8 Feb 08

The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an un

CVE-2014-4174 CRITICAL POC
9.3 Jun 18

wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitr

CVE-2017-9353 HIGH POC
7.5 Jun 02

In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remot

CVE-2017-17085 HIGH POC
7.5 Dec 01

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. Rated high severity (CVSS 7.5), t

CVE-2017-9347 HIGH POC
7.5 Jun 02

In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. Rated high severity (CVSS 7.

CVE-2025-5601 HIGH POC
7.8 Jun 04

A denial of service vulnerability in Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 (CVSS 7.8)

CVE-2023-4513 HIGH POC
7.5 Aug 24

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injecti

CVE-2023-4512 HIGH POC
7.5 Aug 24

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file.

CVE-2023-2879 HIGH POC
7.5 May 26

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or cra

CVE-2023-1992 HIGH POC
7.5 Apr 12

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection o

Share

CVE-2026-15164 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy