Skip to main content

Wireshark CVE-2026-6538

| EUVDEUVD-2026-26345 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:15 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:47 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26345
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:38 nvd
MEDIUM 5.5

DescriptionCVE.org

BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Stack buffer overflow in Wireshark's BEEP protocol dissector causes denial of service when processing malformed network packets. Versions 4.6.0-4.6.4 and 4.4.0-4.4.14 are vulnerable; a local user with the ability to interact with Wireshark or supply crafted BEEP traffic can trigger a crash via a specially crafted packet that requires user interaction to open or process. No public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

Wireshark is a network protocol analyzer that uses protocol dissectors to parse and display captured traffic. The BEEP (Blocks Extensible Exchange Protocol, RFC 3080) dissector implements packet parsing for the BEEP protocol. CWE-121 (stack-based buffer overflow) indicates that the dissector writes beyond allocated stack memory when processing malformed BEEP frames, likely due to insufficient bounds checking on input length or offset values. The vulnerability exists in the dissector code responsible for parsing BEEP frame headers or payloads without proper validation of packet structure.

RemediationAI

Update to Wireshark 4.6.5 or later, or to a patched version of the 4.4.x series if available (exact patched version not confirmed in provided data). Upgrade immediately if Wireshark is used for production traffic analysis or receives untrusted packet captures. As a temporary workaround pending patches, restrict BEEP traffic analysis in Wireshark by disabling the BEEP dissector in protocol preferences (Analyze → Enabled Protocols → uncheck BEEP), though this limits protocol visibility. Alternatively, process potentially malicious BEEP traffic in isolated sandbox environments with Wireshark running in a separate user context or virtual machine. Vendor advisory available at https://www.wireshark.org/security/wnpa-sec-2026-23.html; technical discussion and issue tracking at https://gitlab.com/wireshark/wireshark/-/issues/21120.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6538 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy