Skip to main content

Wireshark CVE-2026-5299

| EUVDEUVD-2026-26315 MEDIUM
Uncontrolled Recursion (CWE-674)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:26 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:48 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26315
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:39 nvd
MEDIUM 5.5

DescriptionCVE.org

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via malformed ICMPv6 PvD (Prefix Validation Data) packets crashes the protocol dissector, requiring user interaction to open a crafted capture file. The vulnerability affects local users only (AV:L) and does not enable code execution, information disclosure, or integrity compromise.

Technical ContextAI

Wireshark's ICMPv6 PvD protocol dissector contains an infinite loop or unbounded recursion (CWE-674: Uncontrolled Recursion) triggered when parsing malformed ICMPv6 packets with the PvD (Prefix Validation Data) option. ICMPv6 is used for network diagnostics and neighbor discovery in IPv6 networks; the PvD extension enables secure configuration distribution. The dissector's parsing logic fails to properly validate packet structure or enforce recursion depth limits, causing the application to consume CPU resources and become unresponsive when processing a specially crafted packet file.

RemediationAI

Upgrade Wireshark to a patched version released after the advisory (exact patch version not specified in available data, but check https://www.wireshark.org/security/wnpa-sec-2026-12.html for the next minor release 4.6.5 or 4.4.15). Until patching is possible, implement compensating controls: restrict file-opening permissions to trusted users only, disable automatic opening of packet capture files from email or untrusted sources, and run Wireshark in isolated virtual machines when analyzing untrusted captures. Note the side effect of isolation - reduced analyst productivity - but justified by the uncontrolled recursion risk.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-5299 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy