Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    282 vulnerabilities by Wireshark Foundation

    CVE-2026-15168 (GCVE-0-2026-15168)

    Vulnerability from nvd – Published: 2026-07-08 21:47 – Updated: 2026-07-08 21:47
    VLAI
    Title
    Use of Uninitialized Variable in Wireshark
    Summary
    BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Thai Duong Tran
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thai Duong Tran"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457: Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T21:47:19.856Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-60.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21361"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Use of Uninitialized Variable in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15168",
        "datePublished": "2026-07-08T21:47:19.856Z",
        "dateReserved": "2026-07-08T20:45:38.879Z",
        "dateUpdated": "2026-07-08T21:47:19.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15174 (GCVE-0-2026-15174)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Michael Bommarito
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Bommarito"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:25.274Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-52.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21270"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15174",
        "datePublished": "2026-07-08T20:51:25.274Z",
        "dateReserved": "2026-07-08T20:46:08.884Z",
        "dateUpdated": "2026-07-08T20:51:25.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15173 (GCVE-0-2026-15173)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Mitchell Benjamin
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mitchell Benjamin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:15.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-53.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21285"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15173",
        "datePublished": "2026-07-08T20:51:15.275Z",
        "dateReserved": "2026-07-08T20:46:03.869Z",
        "dateUpdated": "2026-07-08T20:51:15.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15172 (GCVE-0-2026-15172)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Unchecked Input for Loop Condition in Wireshark
    Summary
    FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-606 - Unchecked Input for Loop Condition
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Gabriel Rodrigues
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gabriel Rodrigues"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606: Unchecked Input for Loop Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:20.287Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-54.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21347"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Unchecked Input for Loop Condition in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15172",
        "datePublished": "2026-07-08T20:51:20.287Z",
        "dateReserved": "2026-07-08T20:45:58.875Z",
        "dateUpdated": "2026-07-08T20:51:20.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15171 (GCVE-0-2026-15171)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Dmitrijs Trizna
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrijs Trizna"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:10.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15171",
        "datePublished": "2026-07-08T20:51:10.283Z",
        "dateReserved": "2026-07-08T20:45:53.857Z",
        "dateUpdated": "2026-07-08T20:51:10.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15170 (GCVE-0-2026-15170)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:50.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-58.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21397"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15170",
        "datePublished": "2026-07-08T20:50:50.275Z",
        "dateReserved": "2026-07-08T20:45:48.875Z",
        "dateUpdated": "2026-07-08T20:50:50.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15169 (GCVE-0-2026-15169)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:05.273Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-59.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15169",
        "datePublished": "2026-07-08T20:51:05.273Z",
        "dateReserved": "2026-07-08T20:45:43.874Z",
        "dateUpdated": "2026-07-08T20:51:05.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15167 (GCVE-0-2026-15167)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Nguyen Huu Trung
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nguyen Huu Trung"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:00.295Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-62.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21352"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15167",
        "datePublished": "2026-07-08T20:51:00.295Z",
        "dateReserved": "2026-07-08T20:45:33.866Z",
        "dateUpdated": "2026-07-08T20:51:00.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15166 (GCVE-0-2026-15166)

    Vulnerability from nvd – Published: 2026-07-08 20:55 – Updated: 2026-07-08 20:55
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:55:55.070Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-57.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21391"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15166",
        "datePublished": "2026-07-08T20:55:55.070Z",
        "dateReserved": "2026-07-08T20:45:28.864Z",
        "dateUpdated": "2026-07-08T20:55:55.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15165 (GCVE-0-2026-15165)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:45.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-56.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21390"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15165",
        "datePublished": "2026-07-08T20:50:45.283Z",
        "dateReserved": "2026-07-08T20:45:23.874Z",
        "dateUpdated": "2026-07-08T20:50:45.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15164 (GCVE-0-2026-15164)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Heap-based Buffer Overflow in ciscodump
    Summary
    Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation ciscodump Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    0sec and Doruk Tan Ozturk
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ciscodump",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0sec and Doruk Tan Ozturk"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:35.393Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-63.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in ciscodump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15164",
        "datePublished": "2026-07-08T20:50:35.393Z",
        "dateReserved": "2026-07-08T20:45:18.867Z",
        "dateUpdated": "2026-07-08T20:50:35.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15163 (GCVE-0-2026-15163)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
    Summary
    Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:40.278Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-61.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21275"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21277"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21330"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15163",
        "datePublished": "2026-07-08T20:50:40.278Z",
        "dateReserved": "2026-07-08T20:45:13.994Z",
        "dateUpdated": "2026-07-08T20:50:40.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9759 (GCVE-0-2026-9759)

    Vulnerability from nvd – Published: 2026-05-27 18:33 – Updated: 2026-05-27 19:36
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.6 (semver)
    Affected: 4.4.0 , < 4.4.16 (semver)
    Create a notification for this product.
    Credits
    Arjun Basnet @ Securin Labs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9759",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T19:35:43.254414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T19:36:26.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.6",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.16",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arjun Basnet @ Securin Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T18:33:18.742Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21243"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Wireshark 4.6.6 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-9759",
        "datePublished": "2026-05-27T18:33:18.742Z",
        "dateReserved": "2026-05-27T18:16:39.521Z",
        "dateUpdated": "2026-05-27T19:36:26.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6525 (GCVE-0-2026-6525)

    Vulnerability from nvd – Published: 2026-05-02 11:33 – Updated: 2026-05-04 14:59
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.5 (semver)
    Create a notification for this product.
    Credits
    Nils Bagge
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T14:58:39.606065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T14:59:08.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.5",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nils Bagge"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T11:33:33.147Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-36.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.5 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-6525",
        "datePublished": "2026-05-02T11:33:33.147Z",
        "dateReserved": "2026-04-17T15:05:37.692Z",
        "dateUpdated": "2026-05-04T14:59:08.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5656 (GCVE-0-2026-5656)

    Vulnerability from nvd – Published: 2026-04-30 23:03 – Updated: 2026-06-30 12:11
    VLAI
    Title
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark
    Summary
    Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Credits
    TODO
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5656",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:29.128Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-30T23:03:58.516Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Wireshark. A path traversal can occur when a malformed configuration profile is imported, resulting in a denial of service or potentially in code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:11:15.043Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-5656"
              },
              {
                "name": "RHBZ#2464276",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464276"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5656.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26182"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20600"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:26182: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20600: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:01:16.202Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-30T23:03:58.516Z",
                "value": "Made public."
              }
            ],
            "title": "wireshark: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Wireshark",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this flaw, do not import configuration profiles from untrusted or unverified sources."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.5",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.15",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "TODO"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T23:03:58.516Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-21.html"
            },
            {
              "name": "GitLab Issue #21115",
              "tags": [
                "issue-tracking",
                "permissions-required"
              ],
              "url": "https://gitlab.com/wireshark/wireshark/-/issues/21115"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.5 or above"
            }
          ],
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-5656",
        "datePublished": "2026-04-30T23:03:58.516Z",
        "dateReserved": "2026-04-06T06:34:06.344Z",
        "dateUpdated": "2026-06-30T12:11:15.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5405 (GCVE-0-2026-5405)

    Vulnerability from nvd – Published: 2026-04-30 23:03 – Updated: 2026-06-30 12:11
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Credits
    Duc Anh Nguyen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-02T03:55:30.982524Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T19:41:26.095Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-30T23:03:53.654Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the RDP protocol dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a heap-based buffer overflow, resulting in a denial of service or potentially in code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:11:16.793Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-5405"
              },
              {
                "name": "RHBZ#2464273",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464273"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5405.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26182"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20600"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:26182: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20600: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:01:04.898Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-30T23:03:53.654Z",
                "value": "Made public."
              }
            ],
            "title": "wireshark: Heap-based Buffer Overflow in Wireshark",
            "workarounds": [
              {
                "lang": "en",
                "value": "If the RDP protocol dissector is not being used, it can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissector when using \"tshark\", the command line tool.\n\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\n\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.5",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.15",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Duc Anh Nguyen"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T23:03:53.654Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-17.html"
            },
            {
              "name": "GitLab Issue #21105",
              "tags": [
                "issue-tracking",
                "permissions-required"
              ],
              "url": "https://gitlab.com/wireshark/wireshark/-/issues/21105"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.5 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-5405",
        "datePublished": "2026-04-30T23:03:53.654Z",
        "dateReserved": "2026-04-02T06:33:26.681Z",
        "dateUpdated": "2026-06-30T12:11:16.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15168 (GCVE-0-2026-15168)

    Vulnerability from cvelistv5 – Published: 2026-07-08 21:47 – Updated: 2026-07-08 21:47
    VLAI
    Title
    Use of Uninitialized Variable in Wireshark
    Summary
    BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Thai Duong Tran
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thai Duong Tran"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457: Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T21:47:19.856Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-60.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21361"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Use of Uninitialized Variable in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15168",
        "datePublished": "2026-07-08T21:47:19.856Z",
        "dateReserved": "2026-07-08T20:45:38.879Z",
        "dateUpdated": "2026-07-08T21:47:19.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15166 (GCVE-0-2026-15166)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:55 – Updated: 2026-07-08 20:55
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:55:55.070Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-57.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21391"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15166",
        "datePublished": "2026-07-08T20:55:55.070Z",
        "dateReserved": "2026-07-08T20:45:28.864Z",
        "dateUpdated": "2026-07-08T20:55:55.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15174 (GCVE-0-2026-15174)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Michael Bommarito
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Bommarito"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:25.274Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-52.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21270"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15174",
        "datePublished": "2026-07-08T20:51:25.274Z",
        "dateReserved": "2026-07-08T20:46:08.884Z",
        "dateUpdated": "2026-07-08T20:51:25.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15172 (GCVE-0-2026-15172)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Unchecked Input for Loop Condition in Wireshark
    Summary
    FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-606 - Unchecked Input for Loop Condition
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Gabriel Rodrigues
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gabriel Rodrigues"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606: Unchecked Input for Loop Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:20.287Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-54.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21347"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Unchecked Input for Loop Condition in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15172",
        "datePublished": "2026-07-08T20:51:20.287Z",
        "dateReserved": "2026-07-08T20:45:58.875Z",
        "dateUpdated": "2026-07-08T20:51:20.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15173 (GCVE-0-2026-15173)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Mitchell Benjamin
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mitchell Benjamin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:15.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-53.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21285"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15173",
        "datePublished": "2026-07-08T20:51:15.275Z",
        "dateReserved": "2026-07-08T20:46:03.869Z",
        "dateUpdated": "2026-07-08T20:51:15.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15171 (GCVE-0-2026-15171)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Dmitrijs Trizna
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrijs Trizna"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:10.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15171",
        "datePublished": "2026-07-08T20:51:10.283Z",
        "dateReserved": "2026-07-08T20:45:53.857Z",
        "dateUpdated": "2026-07-08T20:51:10.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15169 (GCVE-0-2026-15169)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:05.273Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-59.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15169",
        "datePublished": "2026-07-08T20:51:05.273Z",
        "dateReserved": "2026-07-08T20:45:43.874Z",
        "dateUpdated": "2026-07-08T20:51:05.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15167 (GCVE-0-2026-15167)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-08 20:51
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Nguyen Huu Trung
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nguyen Huu Trung"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:00.295Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-62.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21352"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15167",
        "datePublished": "2026-07-08T20:51:00.295Z",
        "dateReserved": "2026-07-08T20:45:33.866Z",
        "dateUpdated": "2026-07-08T20:51:00.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15170 (GCVE-0-2026-15170)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:50.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-58.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21397"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15170",
        "datePublished": "2026-07-08T20:50:50.275Z",
        "dateReserved": "2026-07-08T20:45:48.875Z",
        "dateUpdated": "2026-07-08T20:50:50.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15165 (GCVE-0-2026-15165)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:45.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-56.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21390"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15165",
        "datePublished": "2026-07-08T20:50:45.283Z",
        "dateReserved": "2026-07-08T20:45:23.874Z",
        "dateUpdated": "2026-07-08T20:50:45.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15163 (GCVE-0-2026-15163)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
    Summary
    Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:40.278Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-61.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21275"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21277"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21330"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15163",
        "datePublished": "2026-07-08T20:50:40.278Z",
        "dateReserved": "2026-07-08T20:45:13.994Z",
        "dateUpdated": "2026-07-08T20:50:40.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15164 (GCVE-0-2026-15164)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-08 20:50
    VLAI
    Title
    Heap-based Buffer Overflow in ciscodump
    Summary
    Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation ciscodump Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    0sec and Doruk Tan Ozturk
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ciscodump",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0sec and Doruk Tan Ozturk"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:35.393Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-63.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in ciscodump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15164",
        "datePublished": "2026-07-08T20:50:35.393Z",
        "dateReserved": "2026-07-08T20:45:18.867Z",
        "dateUpdated": "2026-07-08T20:50:35.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9759 (GCVE-0-2026-9759)

    Vulnerability from cvelistv5 – Published: 2026-05-27 18:33 – Updated: 2026-05-27 19:36
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.6 (semver)
    Affected: 4.4.0 , < 4.4.16 (semver)
    Create a notification for this product.
    Credits
    Arjun Basnet @ Securin Labs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9759",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T19:35:43.254414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T19:36:26.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.6",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.16",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arjun Basnet @ Securin Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T18:33:18.742Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21243"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Wireshark 4.6.6 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-9759",
        "datePublished": "2026-05-27T18:33:18.742Z",
        "dateReserved": "2026-05-27T18:16:39.521Z",
        "dateUpdated": "2026-05-27T19:36:26.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6525 (GCVE-0-2026-6525)

    Vulnerability from cvelistv5 – Published: 2026-05-02 11:33 – Updated: 2026-05-04 14:59
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.5 (semver)
    Create a notification for this product.
    Credits
    Nils Bagge
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T14:58:39.606065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T14:59:08.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.5",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nils Bagge"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T11:33:33.147Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-36.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.5 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-6525",
        "datePublished": "2026-05-02T11:33:33.147Z",
        "dateReserved": "2026-04-17T15:05:37.692Z",
        "dateUpdated": "2026-05-04T14:59:08.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }