Skip to main content

Wireshark CVE-2026-7375

| EUVDEUVD-2026-26310 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:00 nvd
Patch available
Patch available
Apr 30, 2026 - 07:01 EUVD
Analysis Generated
Apr 30, 2026 - 06:00 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 05:30 euvd
EUVD-2026-26310
Analysis Generated
Apr 30, 2026 - 05:30 vuln.today
CVE Published
Apr 30, 2026 - 05:04 nvd
MEDIUM 5.5

DescriptionCVE.org

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via infinite loop in the UDS protocol dissector allows local attackers to crash the application by opening a specially crafted packet capture file. The vulnerability requires user interaction (opening a malicious file) and is triggered during packet dissection, affecting the availability of the analysis tool but not confidentiality or integrity.

Technical ContextAI

Wireshark is a packet analysis tool that uses protocol dissectors to parse network traffic. The UDS (Unified Diagnostic Services) dissector is a specialized parser for OBD-II diagnostic protocol packets used in automotive systems. The vulnerability is rooted in CWE-835 (Infinite Loop), a logic error in the dissector's packet parsing routine that fails to properly validate or bound loop conditions, causing the dissector to enter an infinite loop when processing malformed or specially crafted UDS frames. This affects the dissector's state machine or packet field processing logic.

RemediationAI

Upgrade to patched versions: Wireshark 4.6.5 or later, or Wireshark 4.4.15 or later (exact fix versions to be confirmed via Wireshark Foundation release notes at https://www.wireshark.org/security/wnpa-sec-2026-50.html). As a temporary workaround pending patch deployment, disable or restrict the UDS dissector in Wireshark's dissector preferences (Analyze → Enabled Protocols, uncheck 'UDS') to prevent the infinite loop from triggering, though this will prevent analysis of diagnostic protocol traffic until patching is complete. Additionally, implement file validation practices by scanning PCAP files with a separate packet validator or using sandboxed analysis environments before opening potentially untrusted captures in production analysis instances.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-7375 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy