Skip to main content

Wireshark CVE-2026-5653

| EUVDEUVD-2026-26323 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 17:04 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:47 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26323
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:38 nvd
MEDIUM 5.5

DescriptionCVE.org

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Heap buffer overflow in the DCP-ETSI protocol dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes denial of service when a user opens a malicious packet capture file. The vulnerability requires user interaction (opening a crafted .pcap or similar file locally) and crashes the application, preventing further packet analysis. No public exploit code or active exploitation has been confirmed at this time.

Technical ContextAI

The DCP-ETSI (Digital Cinema Packages-European Telecommunications Standards Institute) protocol dissector in Wireshark is responsible for parsing and displaying DCP-ETSI network traffic. A heap buffer overflow (CWE-122) occurs during dissection of malformed DCP-ETSI packets, likely when the dissector reads beyond allocated memory boundaries while processing packet fields. This is a memory safety issue in the dissector's parsing logic, triggered when Wireshark attempts to render or analyze a specially crafted packet. The local attack vector and requirement for user interaction (opening a file) significantly limits the practical threat model compared to network-based vulnerabilities.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later in the 4.6 branch, or 4.4.15 or later in the 4.4 branch, or 4.8.0 or later in the 4.8 branch. Until patching is possible, avoid opening untrusted packet capture files (.pcap, .pcapng) from external sources, especially those claiming to contain DCP-ETSI traffic. If analysis of suspicious captures is necessary, use an isolated virtual machine or sandboxed environment to limit the impact of a crash. Consider implementing file validation or integrity checks on incoming capture files before processing. See https://www.wireshark.org/security/wnpa-sec-2026-22.html for patch availability confirmation.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-5653 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy