Skip to main content

Wireshark CVE-2026-6870

| EUVDEUVD-2026-26348 MEDIUM
Access of Uninitialized Pointer (CWE-824)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:11 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:45 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26348
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:33 nvd
MEDIUM 5.5

DescriptionCVE.org

GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service via crash in the GSM RP protocol dissector affects Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14. A local attacker with user privileges can trigger a dissector crash by crafting a malicious GSM RP packet and inducing a user to open it, causing application termination and loss of packet capture session. CVSS 5.5 reflects local attack vector and user interaction requirement; no remote exploitation path identified.

Technical ContextAI

The GSM RP (Short Message Service Relay Protocol) dissector in Wireshark processes binary protocol frames during packet analysis. The vulnerability originates in CWE-824 (Access of Uninitialized Pointer), indicating the dissector dereferences an uninitialized or incorrectly validated pointer when parsing crafted GSM RP packets. This memory corruption fault causes the dissector to crash, terminating the Wireshark process. The affected versions span two minor release lines: the 4.6.x series (0-4) and the older 4.4.x series (0-14), suggesting the defect persists across protocol handler refactoring or was introduced in an earlier common codebase.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later, or 4.4.15 or later, per the official advisory at https://www.wireshark.org/security/wnpa-sec-2026-43.html. For users unable to patch immediately, avoid opening untrusted or suspicious PCAP files and packet captures from unknown sources. If analysis of potentially malicious captures is necessary, isolate the Wireshark instance on a non-critical system and use command-line tools (tcpdump, tshark output modes) to pre-screen files before opening in the GUI. These mitigations trade convenience for reduced exposure to local DoS attacks.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy