
Wireshark

EUVD-2026-26342 | CVE-2026-6535 MEDIUM
Improperly Controlled Sequential Memory Allocation (CWE-1325)
2026-04-30 GitLab
CVSS 3.1 (NVD): 5.5

Severity by source

NVD (primary): 5.5 MEDIUM, AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE: MEDIUM (qualitative)
Red Hat: 6.5 MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

6 events:
May 01, 2026 - 18:16 (nvd): Patch released (Patch available)
Apr 30, 2026 - 08:16 (EUVD): Patch available
Apr 30, 2026 - 06:47 (vuln.today): Analysis Generated
Apr 30, 2026 - 06:30 (euvd): EUVD ID Assigned (EUVD-2026-26342)
Apr 30, 2026 - 06:30 (vuln.today): Analysis Generated
Apr 30, 2026 - 05:36 (nvd): CVE Published (MEDIUM 5.5)

Description (CVE.org)

Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Analysis (AI)

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes application crash during zlib decompression in the packet dissection engine when processing malformed compressed traffic. Local attackers with user privileges can trigger the crash by opening a specially crafted pcap file or receiving a malicious packet capture, requiring user interaction but no authentication. …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft malformed zlib-compressed packet
Delivery: Distribute via pcap file or threat feed
Exploit: User opens file in Wireshark
Execution: Dissection engine attempts decompression
Persist: Memory corruption or invalid operation triggers crash
Impact: Application terminates

Vulnerability Assessment (AI)

Exploitation: The vulnerability requires a user to manually open a malicious pcap file or capture in Wireshark, or for Wireshark to automatically process a malformed packet with zlib-compressed content from a live network interface or saved capture. …
Risk Assessment: CVSS 5.5 with AV:L/AC:L/PR:N/UI:R/S:U indicates a local attack vector requiring user interaction but no privileges, which is realistic for a packet capture analysis tool where users routinely open untrusted pcap files. …
Exploit Scenario: A security analyst downloads a pcap file from a public threat intelligence feed or honeypot and opens it in Wireshark to investigate network activity. The file contains a malformed zlib-compressed packet payload. …
Remediation: Upgrade to Wireshark 4.6.5 or later (for the 4.6.x branch) or to Wireshark 4.4.15 or later (for the 4.4.x branch). …


Vendor Status

SUSE

Severity: Medium
Product: Status
openSUSE Tumbleweed: Fixed
SUSE Linux Enterprise Desktop 15 SP7: Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7: Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7: Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7: Fixed
