Wireshark
Monthly
Null pointer dereference in Wireshark's ROHC protocol dissector causes application crashes across two active release branches, constituting a denial-of-service condition. Affected versions span Wireshark 4.6.0 through 4.6.5 and 4.4.0 through 4.4.15; patched releases 4.6.6 and 4.4.16 are available per the vendor advisory wnpa-sec-2026-51. The attack vector is local with required user interaction (CVSS AV:L/UI:R), meaning exploitation requires a victim to open a specially crafted packet capture file - no remote or automated exploitation path exists, and no public exploit code or active exploitation has been identified at time of analysis.
Wireshark versions 4.4.0-4.4.13 and 4.6.0-4.6.3 crash when processing malformed RF4CE Profile protocol packets, enabling local denial of service attacks through user interaction. An attacker can trigger an out-of-bounds read by supplying a specially crafted packet file to a target user, causing the application to become unavailable. No patch is currently available for this vulnerability.
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service [CVSS 4.7 MEDIUM]
Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.
Denial of service in Wireshark 4.6.0-4.6.2 and 4.4.0-4.4.12 can be triggered through a malformed SOME/IP-SD protocol packet, causing the application to crash. Public exploit code exists for this vulnerability, and affected users should avoid opening untrusted packet captures until a patch is available.
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service [CVSS 5.5 MEDIUM]
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service [CVSS 4.7 MEDIUM]
Wireshark versions 4.4.0-4.4.12 and 4.6.0-4.6.2 crash when processing malformed IEEE 802.11 wireless packets, enabling a remote denial of service attack that requires user interaction to view the malicious traffic. An attacker can exploit this out-of-bounds write vulnerability by crafting a specially formatted packet, causing the application to become unavailable without requiring authentication. No patch is currently available for this issue.
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 (CVSS 7.8) that allows denial of service. Risk factors: public PoC available.
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Null pointer dereference in Wireshark's ROHC protocol dissector causes application crashes across two active release branches, constituting a denial-of-service condition. Affected versions span Wireshark 4.6.0 through 4.6.5 and 4.4.0 through 4.4.15; patched releases 4.6.6 and 4.4.16 are available per the vendor advisory wnpa-sec-2026-51. The attack vector is local with required user interaction (CVSS AV:L/UI:R), meaning exploitation requires a victim to open a specially crafted packet capture file - no remote or automated exploitation path exists, and no public exploit code or active exploitation has been identified at time of analysis.
Wireshark versions 4.4.0-4.4.13 and 4.6.0-4.6.3 crash when processing malformed RF4CE Profile protocol packets, enabling local denial of service attacks through user interaction. An attacker can trigger an out-of-bounds read by supplying a specially crafted packet file to a target user, causing the application to become unavailable. No patch is currently available for this vulnerability.
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service [CVSS 4.7 MEDIUM]
Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.
Denial of service in Wireshark 4.6.0-4.6.2 and 4.4.0-4.4.12 can be triggered through a malformed SOME/IP-SD protocol packet, causing the application to crash. Public exploit code exists for this vulnerability, and affected users should avoid opening untrusted packet captures until a patch is available.
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service [CVSS 5.5 MEDIUM]
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service [CVSS 4.7 MEDIUM]
Wireshark versions 4.4.0-4.4.12 and 4.6.0-4.6.2 crash when processing malformed IEEE 802.11 wireless packets, enabling a remote denial of service attack that requires user interaction to view the malicious traffic. An attacker can exploit this out-of-bounds write vulnerability by crafting a specially formatted packet, causing the application to become unavailable without requiring authentication. No patch is currently available for this issue.
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 (CVSS 7.8) that allows denial of service. Risk factors: public PoC available.
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.