Skip to main content

Wireshark CVE-2026-5401

| EUVDEUVD-2026-26316 MEDIUM
Uncontrolled Recursion (CWE-674)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:26 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:48 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26316
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:39 nvd
MEDIUM 5.5

DescriptionCVE.org

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed AFP Spotlight protocol packets, causing denial of service. An attacker can trigger the crash by delivering a crafted packet to a user running a vulnerable version, disrupting packet analysis and network monitoring. The vulnerability requires local or direct network access and user interaction to open a malicious capture file or receive the packet during live capture, but no authentication is needed.

Technical ContextAI

The AFP (Apple Filing Protocol) Spotlight protocol dissector in Wireshark is susceptible to an infinite recursion or stack overflow condition (CWE-674: Uncontrolled Recursion). The dissector parses Spotlight query packets without proper depth or complexity limits, allowing specially crafted packets to exhaust the call stack and crash the Wireshark process. This is a protocol-parsing vulnerability specific to Wireshark's dissector logic, not the AFP protocol itself. Affected versions span two major release lines: 4.4.x and 4.6.x, indicating the vulnerability was introduced or remained unfixed across multiple development cycles.

RemediationAI

Upgrade to Wireshark 4.6.5 or later, or 4.4.15 or later, depending on the release branch in use. These patched versions include fixes to the AFP Spotlight dissector to prevent infinite recursion or stack overflow. Until patching is complete, avoid opening untrusted pcap files from unknown sources; if live packet capture is necessary, configure network segmentation to prevent delivery of malicious AFP Spotlight packets, or temporarily disable AFP dissection via Wireshark's dissector settings (Menu: Analyze → Enabled Protocols, uncheck AFP). Note that disabling the dissector prevents analysis of legitimate AFP traffic, so it is suitable only for short-term mitigation. See https://www.wireshark.org/security/wnpa-sec-2026-13.html for patch download and additional guidance.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-5401 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy