Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitation requires local user to open a crafted capture file (AV:L, UI:R); impact is limited to application crash with no confidentiality or integrity loss.
Primary rating from Vendor (gitlab).
CVSS VectorVendor: gitlab
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
AnalysisAI
The FMP/NOTIFY protocol dissector in Wireshark 4.6.0-4.6.6 and 4.4.0-4.4.16 crashes when processing malformed packet data, resulting in a denial of service against the application. Exploitation requires a victim to open a crafted packet capture file or analyze injected traffic, making this a social-engineering-dependent vector rather than a remotely triggerable flaw. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The CVSS vector AV:L/UI:R confirms two hard requirements: the attack is local (the malformed input must reach Wireshark's dissector either via a crafted capture file opened by the user or via traffic injected on a locally monitored interface), and active user interaction is required (a victim must open the file or initiate a capture session that includes the malformed FMP/NOTIFY packets). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.5 (Medium) reflects a constrained attack surface: AV:L indicates the exploit path runs through local file parsing or locally observed traffic rather than a direct network connection, and UI:R requires the victim to actively open or analyze the malformed input. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a packet capture file (.pcapng or similar) containing malformed FMP/NOTIFY protocol packets designed to trigger the unchecked loop condition in the dissector. The file is delivered to a security analyst or network engineer - via email, a shared repository, or a compromised capture source - who opens it in an affected Wireshark version, causing the application to crash. … |
| Remediation | The primary fix is to upgrade to Wireshark 4.6.7 (if running the 4.6.x branch) or Wireshark 4.4.17 (if running the 4.4.x branch), as confirmed by the ENISA EUVD version bounds and the vendor advisory at https://www.wireshark.org/security/wnpa-sec-2026-54.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an un
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitr
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remot
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. Rated high severity (CVSS 7.5), t
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. Rated high severity (CVSS 7.
A denial of service vulnerability in Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 (CVSS 7.8)
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injecti
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file.
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or cra
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection o
Same weakness CWE-606 – Unchecked Input for Loop Condition
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42419
GHSA-45fx-qq48-m87m