Skip to main content

Wireshark sharkd EUVDEUVD-2026-26312

| CVE-2026-7378 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:55 nvd
Patch available
Patch available
Apr 30, 2026 - 07:01 EUVD
Analysis Generated
Apr 30, 2026 - 06:00 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 05:30 euvd
EUVD-2026-26312
Analysis Generated
Apr 30, 2026 - 05:30 vuln.today
CVE Published
Apr 30, 2026 - 05:04 nvd
MEDIUM 5.5

DescriptionCVE.org

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark sharkd versions 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local attackers with user interaction to crash the application via a heap buffer overflow. The vulnerability requires local access and user interaction (opening a malicious file or network capture), making it a low-to-moderate priority for networked analyst workstations but not a remote code execution risk.

Technical ContextAI

sharkd is Wireshark's daemon component responsible for packet processing and network analysis. The vulnerability stems from a heap buffer overflow (CWE-122), a memory safety issue where data written to a dynamically allocated buffer exceeds its bounds. This occurs during packet parsing or capture file processing within sharkd's protocol dissectors. The local attack vector and requirement for user interaction to trigger the crash (opening a crafted capture file or connecting with a malicious packet stream) means the vulnerability cannot be exploited remotely without first delivering the malicious payload to the user's system.

RemediationAI

Upgrade to patched Wireshark versions (exact fix versions should be confirmed from https://www.wireshark.org/security/wnpa-sec-2026-49.html). As an interim compensating control, restrict opening of untrusted PCAP files and packet captures from untrusted sources until patches are applied. If sharkd is running as a network service, disable or isolate it from untrusted networks since the vulnerability requires user interaction with a malicious file. Ensure analyst training emphasizes avoiding processing suspicious capture files. Monitor sharkd process crashes and enable logging to detect potential exploitation attempts.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

EUVD-2026-26312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy