Skip to main content

Wireshark sharkd CVE-2026-7379

| EUVDEUVD-2026-26313 MEDIUM
Memory Leak (CWE-401)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:41 nvd
Patch available
Patch available
Apr 30, 2026 - 07:01 EUVD
Analysis Generated
Apr 30, 2026 - 06:00 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 05:30 euvd
EUVD-2026-26313
Analysis Generated
Apr 30, 2026 - 05:30 vuln.today
CVE Published
Apr 30, 2026 - 05:04 nvd
MEDIUM 5.5

DescriptionCVE.org

Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Memory leak in Wireshark sharkd service versions 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers with user interaction to trigger denial of service through exhaustion of system memory. The vulnerability stems from improper resource cleanup (CWE-401) during packet processing, enabling a local attacker with non-privileged access to crash the sharkd daemon or degrade system performance by repeatedly invoking operations that leak memory. No active exploitation has been confirmed at time of analysis, and exploitation requires local file system access combined with user interaction.

Technical ContextAI

Sharkd is the daemon component of Wireshark, a network protocol analyzer, that provides remote packet inspection and analysis capabilities via a command-line interface or JSON-RPC API. The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime), indicating that allocated memory is not properly freed during the lifecycle of packet processing operations. The affected CPE string (cpe:2.3:a:wireshark_foundation:wireshark:*:*:*:*:*:*:*:*) confirms this impacts the Wireshark Foundation's official product. Sharkd is commonly deployed in network monitoring, packet capture analysis, and security appliance workflows where automated or interactive packet inspection occurs. The memory leak compounds during sustained or repeated operations, leading to gradual resource exhaustion and eventual denial of service when available system memory is depleted.

RemediationAI

Upgrade Wireshark and sharkd to a patched release outside the affected version ranges-recommended is the latest stable version of the 4.8.x or 5.x series. Exact fix versions should be confirmed via the Wireshark Foundation security advisory (https://www.wireshark.org/security/wnpa-sec-2026-47.html). If immediate patching is not feasible, implement the following mitigations: (1) restrict local access to sharkd via file system permissions and process isolation, limiting which users can invoke the service; (2) monitor sharkd process memory usage (RSS/VSZ) and implement automated restart policies when memory crosses defined thresholds, accepting brief service interruptions to prevent system-wide impact; (3) disable or restrict the sharkd service on systems where it is not actively required for operations; (4) if sharkd is exposed via network API, place it behind an authentication layer and rate-limit packet submission requests to slow memory exhaustion. Each mitigation carries trade-offs: memory-based auto-restart may mask the underlying issue and cause legitimate analysis interruptions, while service disablement may remove valuable packet analysis capabilities.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-7379 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy