Skip to main content

Wireshark CVE-2026-6529

| EUVDEUVD-2026-26336 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:28 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:46 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26336
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:36 nvd
MEDIUM 5.5

DescriptionCVE.org

iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Heap buffer overflow in the iLBC audio codec dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers with user interaction to trigger a denial of service crash by supplying a malformed iLBC packet. The vulnerability requires user interaction to open a crafted packet capture file and does not enable code execution.

Technical ContextAI

Wireshark's iLBC (Internet Low Bitrate Codec) dissector contains a heap buffer overflow (CWE-122) when parsing iLBC audio frames in network traffic captures. The iLBC codec is used for voice over IP and audio streaming protocols. When Wireshark processes a specially crafted iLBC packet, the dissector writes beyond allocated heap memory bounds, corrupting heap structures and triggering a crash. This affects the dissector logic responsible for decoding codec-specific frame headers and payload validation.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later for the 4.6.x branch, or to version 4.4.15 or later for the 4.4.x branch. Users unable to immediately upgrade should avoid opening untrusted packet capture files (.pcap, .pcapng, etc.) until patching is completed. No workarounds exist to disable the iLBC dissector parsing without rebuilding Wireshark from source with dissector modifications, which is not a practical mitigation for most deployments. Refer to https://www.wireshark.org/security/wnpa-sec-2026-32.html for official vendor advisories and patch availability confirmation.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6529 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy