Skip to main content

Wireshark CVE-2026-6537

| EUVDEUVD-2026-26344 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:15 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:47 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26344
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:37 nvd
MEDIUM 5.5

DescriptionCVE.org

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Stack buffer overflow in Wireshark's ZigBee protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash and denial of service when processing malformed ZigBee packets. An attacker must trick a user into opening a crafted packet capture file or visiting a malicious webpage serving the packet, since the vulnerability requires local file access and user interaction. No active exploitation has been publicly reported.

Technical ContextAI

The vulnerability exists in Wireshark's ZigBee protocol dissector, which parses ZigBee wireless frames during network traffic analysis. ZigBee is a low-power wireless communication standard used in IoT and smart home devices. The underlying issue is a stack-based buffer overflow (CWE-121), where the dissector writes beyond allocated memory boundaries when parsing specially crafted ZigBee packet fields. This type of memory corruption occurs during the decoding phase before packet data is properly validated, causing the Wireshark process to crash when the overflow is triggered. The affected CPE indicates the Wireshark Foundation's official product across all platforms where this code path is compiled.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later in the 4.6 branch, or to version 4.4.15 or later in the 4.4 branch. Users on earlier versions should prioritize this update to eliminate DoS risk. Until patched, a compensating control is to disable the ZigBee dissector in Wireshark's protocol preferences (Wireshark → Preferences → Protocols → ZigBee → disable), which prevents the vulnerable code path from executing; however, this disables ZigBee packet analysis functionality entirely and is only practical if ZigBee analysis is not required. Another mitigation is to restrict which users can run Wireshark or handle untrusted packet capture files, reducing the attack surface to authenticated, trusted personnel. For additional details, refer to the official Wireshark security advisory at https://www.wireshark.org/security/wnpa-sec-2026-24.html and the GitLab issue tracker at https://gitlab.com/wireshark/wireshark/-/issues/21125.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6537 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy