Skip to main content

Wireshark CVE-2026-5404

MEDIUM
Classic Buffer Overflow (CWE-120)
2026-04-30 GitLab
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 30, 2026 - 23:46 vuln.today
Analysis Generated
Apr 30, 2026 - 23:30 vuln.today
CVE Published
Apr 30, 2026 - 23:04 nvd
MEDIUM 4.7

DescriptionCVE.org

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers to crash the application by parsing malformed K12 RF5 files with user interaction. The vulnerability stems from a buffer overflow in the K12 RF5 file parser, requiring an attacker to trick a user into opening a crafted file. No public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

K12 RF5 is a Wireshark file format handler for Tektronix K12 RF5 capture files. The vulnerability resides in the parser logic handling this format, classified as CWE-120 (buffer copy without checking size of input). The affected CPE cpe:2.3:a:wireshark_foundation:wireshark:*:*:*:*:*:*:*:* indicates the Wireshark application itself is vulnerable across the specified version ranges. Buffer overflow conditions in file parsers typically arise from insufficient bounds checking when reading file headers or structured data blocks from untrusted K12 RF5 files.

RemediationAI

Upgrade to patched versions of Wireshark released after 4.6.4 and 4.4.14 (specific patch versions not provided in advisory reference). As a workaround pending patching, restrict user access to opening K12 RF5 capture files from untrusted sources, disable automatic file preview features in Wireshark if available, and educate users to avoid opening .rf5 files from external sources. Refer to https://www.wireshark.org/security/wnpa-sec-2026-15.html for the exact patched version numbers and release timeline.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-5404 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy