Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1494 vulnerabilities found for Wireshark by Wireshark
CERTFR-2026-AVI-0211
Vulnerability from certfr_avis - Published: 2026-02-26 - Updated: 2026-02-26
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.14",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.4",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-3201",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3201"
},
{
"name": "CVE-2026-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3203"
},
{
"name": "CVE-2026-3202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3202"
}
],
"initial_release_date": "2026-02-26T00:00:00",
"last_revision_date": "2026-02-26T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0211",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-07",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-07.html"
},
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-06",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-06.html"
},
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-05",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-05.html"
}
]
}
CERTFR-2026-AVI-0048
Vulnerability from certfr_avis - Published: 2026-01-15 - Updated: 2026-01-15
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.3",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.13",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-01-15T00:00:00",
"last_revision_date": "2026-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-02",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"
},
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-03",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"
},
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-04",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-04.html"
},
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-01",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-01.html"
}
]
}
CERTFR-2025-AVI-1062
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.12",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.2",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13946"
},
{
"name": "CVE-2025-13945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13945"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1062",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-08",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-07",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-07.html"
}
]
}
CERTFR-2025-AVI-1026
Vulnerability from certfr_avis - Published: 2025-11-20 - Updated: 2025-11-20
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.11",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.1",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-11-20T00:00:00",
"last_revision_date": "2025-11-20T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1026",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-06",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-05",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-05.html"
}
]
}
CERTFR-2025-AVI-0857
Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09
Une vulnérabilité a été découverte dans Wireshark. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.2.x ant\u00e9rieures \u00e0 4.2.14",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.10",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-10-09T00:00:00",
"last_revision_date": "2025-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0857",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Wireshark. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-04",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
}
]
}
CVE-2026-3203 (GCVE-0-2026-3203)
Vulnerability from nvd – Published: 2026-02-25 14:36 – Updated: 2026-03-27 13:56
VLAI?
Title
Buffer Over-read in Wireshark
Summary
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.4
(semver)
Affected: 4.4.0 , < 4.4.14 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:35:47.008169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:37:14.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.4",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.14",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.788Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-07.html"
},
{
"name": "GitLab Issue #21009",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/21009"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.4 or above"
}
],
"title": "Buffer Over-read in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-3203",
"datePublished": "2026-02-25T14:36:00.984Z",
"dateReserved": "2026-02-25T14:35:46.001Z",
"dateUpdated": "2026-03-27T13:56:59.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3202 (GCVE-0-2026-3202)
Vulnerability from nvd – Published: 2026-02-25 14:35 – Updated: 2026-03-27 13:56
VLAI?
Title
NULL Pointer Dereference in Wireshark
Summary
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:34:52.524220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:35:16.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.4",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.690Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-06.html"
},
{
"name": "GitLab Issue #21000",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/21000"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.4 or above"
}
],
"title": "NULL Pointer Dereference in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-3202",
"datePublished": "2026-02-25T14:35:55.986Z",
"dateReserved": "2026-02-25T14:35:41.047Z",
"dateUpdated": "2026-03-27T13:56:59.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3201 (GCVE-0-2026-3201)
Vulnerability from nvd – Published: 2026-02-25 14:35 – Updated: 2026-03-27 13:56
VLAI?
Title
Improperly Controlled Sequential Memory Allocation in Wireshark
Summary
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.4
(semver)
Affected: 4.4.0 , < 4.4.14 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:56:19.264170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:56:34.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.4",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.14",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u9f50\u67ef\u5b87 (Qi Kery)"
}
],
"descriptions": [
{
"lang": "en",
"value": "USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.581Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-05.html"
},
{
"name": "GitLab Issue #20972",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20972"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.4 or above"
}
],
"title": "Improperly Controlled Sequential Memory Allocation in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-3201",
"datePublished": "2026-02-25T14:35:50.969Z",
"dateReserved": "2026-02-25T14:35:36.231Z",
"dateUpdated": "2026-03-27T13:56:59.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0962 (GCVE-0-2026-0962)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0962",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:11:03.243903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:11:23.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fatih \u00c7elik"
}
],
"descriptions": [
{
"lang": "en",
"value": "SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.374Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"
},
{
"name": "GitLab Issue #20945",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20945"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0962",
"datePublished": "2026-01-14T20:23:38.829Z",
"dateReserved": "2026-01-14T20:14:11.634Z",
"dateUpdated": "2026-03-27T13:56:59.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0961 (GCVE-0-2026-0961)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0961",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:08:01.416044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:08:38.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.242Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-01.html"
},
{
"name": "GitLab Issue #20880",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20880"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0961",
"datePublished": "2026-01-14T20:23:48.832Z",
"dateReserved": "2026-01-14T20:14:06.637Z",
"dateUpdated": "2026-03-27T13:56:59.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0960 (GCVE-0-2026-0960)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0960",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:15:29.789821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:15:57.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tom Needham"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.148Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-04.html"
},
{
"name": "GitLab Issue #20944",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20944"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0960",
"datePublished": "2026-01-14T20:23:33.849Z",
"dateReserved": "2026-01-14T20:14:02.922Z",
"dateUpdated": "2026-03-27T13:56:59.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0959 (GCVE-0-2026-0959)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0959",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:18:08.229135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:18:44.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OSS-Fuzz"
}
],
"descriptions": [
{
"lang": "en",
"value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.047Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"
},
{
"name": "GitLab Issue #20939",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20939"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0959",
"datePublished": "2026-01-14T20:23:28.986Z",
"dateReserved": "2026-01-14T20:13:56.850Z",
"dateUpdated": "2026-03-27T13:56:59.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13946 (GCVE-0-2025-13946)
Vulnerability from nvd – Published: 2025-12-03 08:04 – Updated: 2026-03-27 13:56
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:28:11.099019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:28:19.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.594Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"
},
{
"name": "GitLab Issue #20884",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20884"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2, 4.4.12, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13946",
"datePublished": "2025-12-03T08:04:54.335Z",
"dateReserved": "2025-12-03T07:33:42.822Z",
"dateUpdated": "2026-03-27T13:56:58.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13945 (GCVE-0-2025-13945)
Vulnerability from nvd – Published: 2025-12-03 08:04 – Updated: 2026-03-27 13:56
VLAI?
Title
Improperly Controlled Sequential Memory Allocation in Wireshark
Summary
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:59:21.378576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:59:28.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S\u00e9bastien F\u00e9ry"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.495Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-07.html"
},
{
"name": "GitLab Issue #20860",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20860"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2 or above"
}
],
"title": "Improperly Controlled Sequential Memory Allocation in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13945",
"datePublished": "2025-12-03T08:04:49.403Z",
"dateReserved": "2025-12-03T07:33:37.960Z",
"dateUpdated": "2026-03-27T13:56:58.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13674 (GCVE-0-2025-13674)
Vulnerability from nvd – Published: 2025-11-26 11:33 – Updated: 2026-03-27 13:56
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T14:06:08.560289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T14:06:22.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BPv7 dissector crash in Wireshark 4.6.0 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.384Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-05.html"
},
{
"name": "GitLab Issue #20770",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20770"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1 or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13674",
"datePublished": "2025-11-26T11:33:39.916Z",
"dateReserved": "2025-11-25T18:33:44.747Z",
"dateUpdated": "2026-03-27T13:56:58.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13499 (GCVE-0-2025-13499)
Vulnerability from nvd – Published: 2025-11-21 06:03 – Updated: 2026-03-27 13:56
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-22T04:55:20.177632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:40.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.105Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"
},
{
"name": "GitLab Issue #20823",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1, 4.4.11, or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13499",
"datePublished": "2025-11-21T06:03:52.020Z",
"dateReserved": "2025-11-21T05:33:17.924Z",
"dateUpdated": "2026-03-27T13:56:58.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11626 (GCVE-0-2025-11626)
Vulnerability from nvd – Published: 2025-10-10 22:33 – Updated: 2026-03-27 13:56
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.10
(semver)
Affected: 4.2.0 , < 4.2.14 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:43:17.989074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:16:08.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.10",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.14",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:57.911Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
},
{
"name": "GitLab Issue #20724",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20724"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.10, 4.2.14, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-11626",
"datePublished": "2025-10-10T22:33:26.431Z",
"dateReserved": "2025-10-10T22:33:21.568Z",
"dateUpdated": "2026-03-27T13:56:57.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9817 (GCVE-0-2025-9817)
Vulnerability from nvd – Published: 2025-09-03 07:38 – Updated: 2026-03-27 13:56
VLAI?
Title
NULL Pointer Dereference in Wireshark
Summary
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service
Severity ?
7.8 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.9
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T03:55:18.280820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:45.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.9",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.947Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-03.html"
},
{
"name": "GitLab Issue #20642",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20642"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.9 or above"
}
],
"title": "NULL Pointer Dereference in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-9817",
"datePublished": "2025-09-03T07:38:58.940Z",
"dateReserved": "2025-09-01T23:33:21.559Z",
"dateUpdated": "2026-03-27T13:56:58.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3203 (GCVE-0-2026-3203)
Vulnerability from cvelistv5 – Published: 2026-02-25 14:36 – Updated: 2026-03-27 13:56
VLAI?
Title
Buffer Over-read in Wireshark
Summary
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.4
(semver)
Affected: 4.4.0 , < 4.4.14 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:35:47.008169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:37:14.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.4",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.14",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.788Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-07.html"
},
{
"name": "GitLab Issue #21009",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/21009"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.4 or above"
}
],
"title": "Buffer Over-read in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-3203",
"datePublished": "2026-02-25T14:36:00.984Z",
"dateReserved": "2026-02-25T14:35:46.001Z",
"dateUpdated": "2026-03-27T13:56:59.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3202 (GCVE-0-2026-3202)
Vulnerability from cvelistv5 – Published: 2026-02-25 14:35 – Updated: 2026-03-27 13:56
VLAI?
Title
NULL Pointer Dereference in Wireshark
Summary
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:34:52.524220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:35:16.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.4",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.690Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-06.html"
},
{
"name": "GitLab Issue #21000",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/21000"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.4 or above"
}
],
"title": "NULL Pointer Dereference in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-3202",
"datePublished": "2026-02-25T14:35:55.986Z",
"dateReserved": "2026-02-25T14:35:41.047Z",
"dateUpdated": "2026-03-27T13:56:59.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3201 (GCVE-0-2026-3201)
Vulnerability from cvelistv5 – Published: 2026-02-25 14:35 – Updated: 2026-03-27 13:56
VLAI?
Title
Improperly Controlled Sequential Memory Allocation in Wireshark
Summary
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.4
(semver)
Affected: 4.4.0 , < 4.4.14 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:56:19.264170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:56:34.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.4",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.14",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u9f50\u67ef\u5b87 (Qi Kery)"
}
],
"descriptions": [
{
"lang": "en",
"value": "USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.581Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-05.html"
},
{
"name": "GitLab Issue #20972",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20972"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.4 or above"
}
],
"title": "Improperly Controlled Sequential Memory Allocation in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-3201",
"datePublished": "2026-02-25T14:35:50.969Z",
"dateReserved": "2026-02-25T14:35:36.231Z",
"dateUpdated": "2026-03-27T13:56:59.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0961 (GCVE-0-2026-0961)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0961",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:08:01.416044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:08:38.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.242Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-01.html"
},
{
"name": "GitLab Issue #20880",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20880"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0961",
"datePublished": "2026-01-14T20:23:48.832Z",
"dateReserved": "2026-01-14T20:14:06.637Z",
"dateUpdated": "2026-03-27T13:56:59.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0962 (GCVE-0-2026-0962)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0962",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:11:03.243903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:11:23.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fatih \u00c7elik"
}
],
"descriptions": [
{
"lang": "en",
"value": "SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.374Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"
},
{
"name": "GitLab Issue #20945",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20945"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0962",
"datePublished": "2026-01-14T20:23:38.829Z",
"dateReserved": "2026-01-14T20:14:11.634Z",
"dateUpdated": "2026-03-27T13:56:59.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0960 (GCVE-0-2026-0960)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0960",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:15:29.789821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:15:57.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tom Needham"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.148Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-04.html"
},
{
"name": "GitLab Issue #20944",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20944"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0960",
"datePublished": "2026-01-14T20:23:33.849Z",
"dateReserved": "2026-01-14T20:14:02.922Z",
"dateUpdated": "2026-03-27T13:56:59.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0959 (GCVE-0-2026-0959)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-03-27 13:56
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0959",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:18:08.229135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:18:44.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OSS-Fuzz"
}
],
"descriptions": [
{
"lang": "en",
"value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:59.047Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"
},
{
"name": "GitLab Issue #20939",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20939"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0959",
"datePublished": "2026-01-14T20:23:28.986Z",
"dateReserved": "2026-01-14T20:13:56.850Z",
"dateUpdated": "2026-03-27T13:56:59.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13946 (GCVE-0-2025-13946)
Vulnerability from cvelistv5 – Published: 2025-12-03 08:04 – Updated: 2026-03-27 13:56
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:28:11.099019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:28:19.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.594Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"
},
{
"name": "GitLab Issue #20884",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20884"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2, 4.4.12, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13946",
"datePublished": "2025-12-03T08:04:54.335Z",
"dateReserved": "2025-12-03T07:33:42.822Z",
"dateUpdated": "2026-03-27T13:56:58.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13945 (GCVE-0-2025-13945)
Vulnerability from cvelistv5 – Published: 2025-12-03 08:04 – Updated: 2026-03-27 13:56
VLAI?
Title
Improperly Controlled Sequential Memory Allocation in Wireshark
Summary
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:59:21.378576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:59:28.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S\u00e9bastien F\u00e9ry"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.495Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-07.html"
},
{
"name": "GitLab Issue #20860",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20860"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2 or above"
}
],
"title": "Improperly Controlled Sequential Memory Allocation in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13945",
"datePublished": "2025-12-03T08:04:49.403Z",
"dateReserved": "2025-12-03T07:33:37.960Z",
"dateUpdated": "2026-03-27T13:56:58.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13674 (GCVE-0-2025-13674)
Vulnerability from cvelistv5 – Published: 2025-11-26 11:33 – Updated: 2026-03-27 13:56
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T14:06:08.560289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T14:06:22.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BPv7 dissector crash in Wireshark 4.6.0 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.384Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-05.html"
},
{
"name": "GitLab Issue #20770",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20770"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1 or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13674",
"datePublished": "2025-11-26T11:33:39.916Z",
"dateReserved": "2025-11-25T18:33:44.747Z",
"dateUpdated": "2026-03-27T13:56:58.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13499 (GCVE-0-2025-13499)
Vulnerability from cvelistv5 – Published: 2025-11-21 06:03 – Updated: 2026-03-27 13:56
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-22T04:55:20.177632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:40.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:58.105Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"
},
{
"name": "GitLab Issue #20823",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1, 4.4.11, or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13499",
"datePublished": "2025-11-21T06:03:52.020Z",
"dateReserved": "2025-11-21T05:33:17.924Z",
"dateUpdated": "2026-03-27T13:56:58.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11626 (GCVE-0-2025-11626)
Vulnerability from cvelistv5 – Published: 2025-10-10 22:33 – Updated: 2026-03-27 13:56
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.10
(semver)
Affected: 4.2.0 , < 4.2.14 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:43:17.989074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:16:08.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.10",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.14",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:56:57.911Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
},
{
"name": "GitLab Issue #20724",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20724"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.10, 4.2.14, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-11626",
"datePublished": "2025-10-10T22:33:26.431Z",
"dateReserved": "2025-10-10T22:33:21.568Z",
"dateUpdated": "2026-03-27T13:56:57.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}