Skip to main content

Wireshark EUVDEUVD-2026-26333

| CVE-2026-6526 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:29 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:46 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26333
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:34 nvd
MEDIUM 5.5

DescriptionCVE.org

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4

AnalysisAI

Denial of service in Wireshark 4.6.0 through 4.6.4 via null pointer dereference in the RTSP protocol dissector causes application crash when processing malformed RTSP traffic. Local attackers with network access to a Wireshark instance can trigger the crash by supplying a specially crafted RTSP packet, resulting in availability impact. No public exploit code or active in-the-wild exploitation has been identified; patch availability status requires verification from vendor.

Technical ContextAI

The RTSP (Real Time Streaming Protocol) dissector in Wireshark is responsible for parsing and displaying RTSP protocol packets during network traffic analysis. The vulnerability stems from a null pointer dereference (CWE-476) in this dissector code, which occurs when the dissector attempts to access memory through an uninitialized or null pointer without proper validation. This type of flaw is a classic memory safety issue that leads to application crashes rather than code execution; the dissector fails to validate expected field presence or structure before dereferencing a pointer, causing an unhandled exception that terminates the Wireshark process.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later, which contains the fix for the RTSP dissector null pointer dereference. If immediate upgrade is not possible, operators can mitigate by restricting analysis of untrusted RTSP traffic to isolated test environments or sandboxed Wireshark instances, reducing exposure to denial-of-service impact in production monitoring contexts. Additionally, disable the RTSP dissector in Wireshark preferences if RTSP traffic analysis is not required for operational security monitoring. Consult https://www.wireshark.org/security/wnpa-sec-2026-35.html and https://gitlab.com/wireshark/wireshark/-/work_items/21173 for official guidance and release notes confirming patch deployment.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

EUVD-2026-26333 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy