Skip to main content

Wireshark CVE-2026-6530

| EUVDEUVD-2026-26337 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:28 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:46 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26337
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:36 nvd
MEDIUM 5.5

DescriptionCVE.org

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Heap buffer overflow in Wireshark's DCP-ETSI protocol dissector causes denial of service when processing malformed network packets in versions 4.6.0-4.6.4 and 4.4.0-4.4.14. A local user can trigger a crash by opening a crafted packet file or live network capture, rendering the packet analysis tool unresponsive. No remote exploitation or data exfiltration is possible; impact is limited to availability.

Technical ContextAI

The DCP-ETSI dissector is a Wireshark protocol parser for Digital Cinema Packages using ETSI standards. The vulnerability stems from a heap buffer overflow (CWE-122) in the dissector's packet parsing logic, likely during structure field extraction or frame boundary validation. When Wireshark processes a malformed DCP-ETSI packet-one with incorrect length fields, truncated payloads, or crafted header values-the dissector writes beyond allocated heap memory, corrupting the heap and triggering a crash. This is a classic memory safety issue in C-based protocol parsing where input validation or bounds checking is insufficient.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later for the 4.6.x branch, or to version 4.4.15 or later for the 4.4.x branch. These versions include a patched DCP-ETSI dissector with proper bounds checking. If immediate upgrade is not feasible, disable the DCP-ETSI dissector via Wireshark's preference menu (Analyze → Enabled Protocols, then uncheck DCP-ETSI) to prevent parsing of DCP-ETSI packets; this eliminates the crash vector but will not display DCP-ETSI traffic. Additionally, restrict opening untrusted capture files to trusted analysts and avoid live-capturing on untrusted networks if DCP-ETSI packets may be present. See https://www.wireshark.org/security/wnpa-sec-2026-31.html for patch deployment details.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6530 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy