Skip to main content

Wireshark CVE-2026-5657

| EUVDEUVD-2026-26326 MEDIUM
Double Free (CWE-415)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 16:45 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:47 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26326
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:38 nvd
MEDIUM 5.5

DescriptionCVE.org

iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via crafted iLBC codec packets allows local attackers with user interaction to crash the application and interrupt service. The vulnerability stems from a use-after-free condition in the iLBC codec parser, triggered when Wireshark processes malformed audio codec data, causing an application crash without code execution.

Technical ContextAI

Wireshark is a network protocol analyzer that dissects captured traffic by parsing codec implementations, including the iLBC (Internet Low Bitrate Codec) used in VoIP. The iLBC dissector in affected versions contains a use-after-free vulnerability (CWE-415), where memory is accessed after being deallocated. This occurs during the parsing of iLBC audio frames embedded in network packets. When a specially crafted iLBC codec packet is processed, the parser attempts to dereference freed memory, leading to a segmentation fault or application crash. The CPE cpe:2.3:a:wireshark_foundation:wireshark:*:*:*:*:*:*:*:* indicates all Wireshark installations of the affected versions are vulnerable if iLBC dissection is enabled.

RemediationAI

Upgrade to Wireshark 4.6.5 or later (for the 4.6.x branch) or to Wireshark 4.4.15 or later (for the 4.4.x branch) to obtain the patched iLBC dissector. Users unable to upgrade immediately should avoid opening untrusted PCAP files or network captures containing iLBC codec data in Wireshark. If live packet analysis is required on untrusted networks, restrict capture filters to exclude VoIP protocols (e.g., disable SIP/RTP dissection) to bypass iLBC parsing. Disable the iLBC dissector in Wireshark's protocol preferences if VoIP analysis is not required. Patch details and download links are available at https://www.wireshark.org/security/wnpa-sec-2026-20.html.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-5657 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy