Skip to main content

Wireshark CVE-2026-5407

| EUVDEUVD-2026-26320 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:25 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:48 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26320
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:39 nvd
MEDIUM 5.5

DescriptionCVE.org

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via infinite loop in SMB2 protocol dissector allows local attackers to crash the application when processing malicious or malformed SMB2 network traffic. Exploitation requires user interaction (opening a crafted capture file or live capture), and causes high availability impact with no data confidentiality or integrity compromise. CVSS 5.5 reflects local attack vector but potential for widespread impact given Wireshark's role in network analysis workflows.

Technical ContextAI

Wireshark's SMB2 (Server Message Block version 2) protocol dissector contains an infinite loop vulnerability (CWE-835: Loop with Unreachable Exit Condition) triggered during parsing of specially crafted SMB2 packets. The SMB2 protocol is used for file sharing, printer sharing, and network communication over Windows networks and is widely captured and analyzed by security analysts. The vulnerability exists in the dissector code responsible for interpreting SMB2 traffic in packet captures, meaning an attacker can craft a malicious PCAP file or inject malicious packets into live network traffic that Wireshark processes, causing the dissector to enter an infinite loop and consume CPU resources until the application hangs or crashes.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later (for 4.6.x branch) or 4.4.15 or later (for 4.4.x branch). Fixed versions are confirmed per the Wireshark security advisory WNPA-SEC-2026-11 at https://www.wireshark.org/security/wnpa-sec-2026-11.html. Pending patching, operational mitigations include: (1) Restrict Wireshark use to trusted, validated packet captures only - do not process captures from untrusted sources or live network feeds in high-risk environments; (2) Run Wireshark in isolated environments (virtual machines, sandboxes) when analyzing potentially malicious traffic, containing the DoS impact to the analysis system rather than critical infrastructure; (3) Implement file integrity monitoring or blocking policies to prevent users from opening suspicious PCAP files. Older Wireshark versions (4.2.x and below) are no longer in mainstream support; organizations using those versions should prioritize upgrade to the latest stable release.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-5407 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy