Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H
File-based local delivery (AV:L), precise PCAP crafting required (AC:H), no attacker privileges needed (PR:N), user must actively process file (UI:R); read-only flaw limits impact to partial disclosure and crash.
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
Primary rating from Vendor (redhat).
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H
Lifecycle Timeline
2DescriptionNVD
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.
AnalysisAI
Out-of-bounds read vulnerabilities in GStreamer's pcapparse element expose Red Hat Enterprise Linux 6 through 10 users to potential application crashes or limited memory disclosure when processing malformed PCAP files. The flaws reside in IPv4/TCP header parsing logic, where specially crafted PCAP records trigger reads beyond buffer boundaries across multiple code paths. Real-world exposure is materially constrained by pcapparse's restriction to debugging pipelines, the requirement for local user interaction, and high attack complexity; no public exploit or active exploitation has been identified at time of analysis.
Technical ContextAI
The pcapparse element is a GStreamer plugin that ingests PCAP (Packet CAPture) network trace files - a format widely used by network engineers and developers for debugging and traffic replay. GStreamer is a multimedia and data-flow framework distributed as a standard component of Red Hat Enterprise Linux. CWE-125 (Out-of-Bounds Read) identifies the root cause: the parser fails to validate record offsets or lengths before reading IPv4 and TCP header fields from the input buffer, allowing reads into adjacent memory regions. The plural nature of the vulnerability ('multiple' OOB reads) indicates that several distinct code paths within the IPv4/TCP header parsing logic share the same class of bounds-check omission. CPE strings confirm affected deployments span RHEL 6, 7, 8, 9, and 10 as distributed by Red Hat, though upstream GStreamer version ranges are not independently specified in the available intelligence.
RemediationAI
No vendor-released patch with a specific version number has been confirmed at time of analysis. An upstream GitLab work item (https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5106) indicates the issue is being tracked, but no tagged release or merged fix has been independently verified from available data. Monitor the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-52721 and Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2486732 for patch availability and apply any issued RHSA errata promptly. As an immediate compensating control, disable or remove GStreamer's pcapparse plugin from any environment where it is not actively required for debugging - this directly eliminates the attack surface with no functional impact on production workloads, since pcapparse serves no role outside PCAP debugging pipelines. Additionally, enforce policies against processing PCAP files sourced from untrusted parties using GStreamer tooling.
More in Red Hat Enterprise Linux 10
View allRemote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h
Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft
Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter
HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel
HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls
Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege
HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator
Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD
Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user
Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co
Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap
Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP6 | Affected |
| SUSE Linux Enterprise Server 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4 | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Proxy LTS 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE Manager Server LTS 4.3 | Affected |
| SUSE CaaS Platform 4.0 | Affected |
| SUSE Enterprise Storage 6 | Affected |
| SUSE Enterprise Storage 7 | Not-Affected |
| SUSE Enterprise Storage 7.1 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 | Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Affected |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Affected |
| SUSE Linux Enterprise Server 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 | Affected |
| SUSE Linux Enterprise Server 15 SP1 | Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15-LTSS | Affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Not-Affected |
| SUSE Manager Proxy 4.0 | Affected |
| SUSE Manager Proxy 4.1 | Not-Affected |
| SUSE Manager Proxy 4.2 | Not-Affected |
| SUSE Manager Retail Branch Server 4.0 | Affected |
| SUSE Manager Retail Branch Server 4.1 | Not-Affected |
| SUSE Manager Retail Branch Server 4.2 | Not-Affected |
| SUSE Manager Server 4.0 | Affected |
| SUSE Manager Server 4.1 | Not-Affected |
| SUSE Manager Server 4.2 | Not-Affected |
| SUSE OpenStack Cloud 7 | Not-Affected |
| SUSE OpenStack Cloud 8 | Not-Affected |
| SUSE OpenStack Cloud 9 | Not-Affected |
| SUSE OpenStack Cloud Crowbar 8 | Not-Affected |
| SUSE OpenStack Cloud Crowbar 9 | Not-Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36800
GHSA-9qf3-vv3w-6xw5