Skip to main content

Wireshark EUVDEUVD-2026-26332

| CVE-2026-6524 MEDIUM
Access of Uninitialized Pointer (CWE-824)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:27 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:46 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26332
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:34 nvd
MEDIUM 5.5

DescriptionCVE.org

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service via MySQL protocol dissector crash in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local users with no privileges to crash the application through a crafted malicious pcap file or network capture, requiring only user interaction to open the file. The vulnerability stems from improper memory access in the MySQL dissector parser (CWE-824: Access of Uninitialized Pointer), resulting in application termination and loss of packet analysis capability. No public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

Wireshark's protocol dissectors parse network traffic across hundreds of protocols for real-time and forensic analysis. The MySQL dissector is responsible for decoding MySQL protocol frames within captured packets. CWE-824 (Access of Uninitialized Pointer) indicates the dissector attempts to dereference a pointer variable that was never properly initialized, likely during parsing of specific MySQL frame structures. When a specially crafted MySQL protocol packet is processed, the uninitialized pointer is dereferenced, triggering a memory access violation (segmentation fault) that terminates the dissector and crashes the Wireshark application. The vulnerability affects versions 4.6.0 through 4.6.4 (current 4.6.x line) and 4.4.0 through 4.4.14 (legacy 4.4.x line), with CPE identifying all Wireshark Foundation releases within these ranges.

RemediationAI

Upgrade to Wireshark version 4.6.5 or later (for 4.6.x users) or 4.4.15 or later (for 4.4.x users) to patch the MySQL dissector pointer initialization flaw. The patch is available from the Wireshark Foundation download page and integrated into all subsequent releases. If immediate upgrade is not feasible, disable the MySQL dissector via Wireshark's Protocol Preferences (Edit → Preferences → Protocols → MySQL, uncheck 'Enabled') to prevent parsing of MySQL frames and block the crash vector; this workaround sacrifices MySQL protocol visibility but eliminates denial-of-service risk. For teams processing untrusted pcap files in automated pipelines, implement file validation and sandboxing: restrict Wireshark execution to isolated systems, validate pcap file headers before processing, and avoid opening pcaps from untrusted sources. Monitor Wireshark application logs for segmentation faults or crashes during pcap analysis as an indicator of exploitation attempts.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

EUVD-2026-26332 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy