Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1614 vulnerabilities by Wireshark

    CERTFR-2026-AVI-0849

    Vulnerability from certfr_avis - Published: 2026-07-09 - Updated: 2026-07-09

    De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Wireshark Wireshark Wireshark versions 4.6.x antérieures à 4.6.7
    Wireshark Wireshark Wireshark versions antérieures à 4.4.17

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.7",
          "product": {
            "name": "Wireshark",
            "vendor": {
              "name": "Wireshark",
              "scada": false
            }
          }
        },
        {
          "description": "Wireshark versions ant\u00e9rieures \u00e0 4.4.17",
          "product": {
            "name": "Wireshark",
            "vendor": {
              "name": "Wireshark",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-15163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15163"
        },
        {
          "name": "CVE-2026-15167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15167"
        },
        {
          "name": "CVE-2026-15171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15171"
        },
        {
          "name": "CVE-2026-15169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15169"
        },
        {
          "name": "CVE-2026-15168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15168"
        },
        {
          "name": "CVE-2026-15173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15173"
        },
        {
          "name": "CVE-2026-15174",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15174"
        },
        {
          "name": "CVE-2026-15170",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15170"
        },
        {
          "name": "CVE-2026-15165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15165"
        },
        {
          "name": "CVE-2026-15164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15164"
        },
        {
          "name": "CVE-2026-15172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15172"
        },
        {
          "name": "CVE-2026-15166",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-15166"
        }
      ],
      "initial_release_date": "2026-07-09T00:00:00",
      "last_revision_date": "2026-07-09T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0849",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-07-09T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
      "vendor_advisories": [
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-62",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-62.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-60",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-60.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-53",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-53.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-56",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-56.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-55",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-61",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-61.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-63",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-63.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-57",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-57.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-54",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-54.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-59",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-59.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-58",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-58.html"
        },
        {
          "published_at": "2026-07-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-52",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-52.html"
        }
      ]
    }

    CERTFR-2026-AVI-0616

    Vulnerability from certfr_avis - Published: 2026-05-20 - Updated: 2026-05-20

    Une vulnérabilité a été découverte dans Wireshark. Elle permet à un attaquant de provoquer un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Wireshark Wireshark Wireshark versions 4.6.x antérieures à 4.6.6
    Wireshark Wireshark Wireshark versions 4.4.x antérieures à 4.4.16
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.6",
          "product": {
            "name": "Wireshark",
            "vendor": {
              "name": "Wireshark",
              "scada": false
            }
          }
        },
        {
          "description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.16",
          "product": {
            "name": "Wireshark",
            "vendor": {
              "name": "Wireshark",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-05-20T00:00:00",
      "last_revision_date": "2026-05-20T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0616",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Wireshark. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Wireshark",
      "vendor_advisories": [
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-51",
          "url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"
        }
      ]
    }

    CVE-2026-15168 (GCVE-0-2026-15168)

    Vulnerability from nvd – Published: 2026-07-08 21:47 – Updated: 2026-07-09 13:54
    VLAI
    Title
    Use of Uninitialized Variable in Wireshark
    Summary
    BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Thai Duong Tran
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15168",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:53:59.967240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:54:17.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21361"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thai Duong Tran"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457: Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T21:47:19.856Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-60.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21361"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Use of Uninitialized Variable in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15168",
        "datePublished": "2026-07-08T21:47:19.856Z",
        "dateReserved": "2026-07-08T20:45:38.879Z",
        "dateUpdated": "2026-07-09T13:54:17.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15174 (GCVE-0-2026-15174)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:14
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Michael Bommarito
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15174",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:14:34.596925Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:14:37.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21270"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Bommarito"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:25.274Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-52.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21270"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15174",
        "datePublished": "2026-07-08T20:51:25.274Z",
        "dateReserved": "2026-07-08T20:46:08.884Z",
        "dateUpdated": "2026-07-09T13:14:37.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15173 (GCVE-0-2026-15173)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:44
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Mitchell Benjamin
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15173",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:44:18.595204Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:44:23.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21285"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mitchell Benjamin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:15.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-53.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21285"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15173",
        "datePublished": "2026-07-08T20:51:15.275Z",
        "dateReserved": "2026-07-08T20:46:03.869Z",
        "dateUpdated": "2026-07-09T13:44:23.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15172 (GCVE-0-2026-15172)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:42
    VLAI
    Title
    Unchecked Input for Loop Condition in Wireshark
    Summary
    FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-606 - Unchecked Input for Loop Condition
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Gabriel Rodrigues
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:42:40.189292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:42:52.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gabriel Rodrigues"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606: Unchecked Input for Loop Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:20.287Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-54.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21347"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Unchecked Input for Loop Condition in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15172",
        "datePublished": "2026-07-08T20:51:20.287Z",
        "dateReserved": "2026-07-08T20:45:58.875Z",
        "dateUpdated": "2026-07-09T13:42:52.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15171 (GCVE-0-2026-15171)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:44
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Dmitrijs Trizna
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15171",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:44:51.561918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:44:55.663Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrijs Trizna"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:10.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15171",
        "datePublished": "2026-07-08T20:51:10.283Z",
        "dateReserved": "2026-07-08T20:45:53.857Z",
        "dateUpdated": "2026-07-09T13:44:55.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15170 (GCVE-0-2026-15170)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:46
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15170",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:46:27.644761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:46:30.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21397"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:50.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-58.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21397"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15170",
        "datePublished": "2026-07-08T20:50:50.275Z",
        "dateReserved": "2026-07-08T20:45:48.875Z",
        "dateUpdated": "2026-07-09T13:46:30.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15169 (GCVE-0-2026-15169)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:45
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15169",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:45:23.407997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:45:27.007Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21398"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:05.273Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-59.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15169",
        "datePublished": "2026-07-08T20:51:05.273Z",
        "dateReserved": "2026-07-08T20:45:43.874Z",
        "dateUpdated": "2026-07-09T13:45:27.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15167 (GCVE-0-2026-15167)

    Vulnerability from nvd – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:45
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Nguyen Huu Trung
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:45:52.891240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:45:58.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nguyen Huu Trung"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:00.295Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-62.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21352"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15167",
        "datePublished": "2026-07-08T20:51:00.295Z",
        "dateReserved": "2026-07-08T20:45:33.866Z",
        "dateUpdated": "2026-07-09T13:45:58.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15166 (GCVE-0-2026-15166)

    Vulnerability from nvd – Published: 2026-07-08 20:55 – Updated: 2026-07-09 13:13
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15166",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:13:42.996528Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:13:51.109Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21391"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:55:55.070Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-57.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21391"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15166",
        "datePublished": "2026-07-08T20:55:55.070Z",
        "dateReserved": "2026-07-08T20:45:28.864Z",
        "dateUpdated": "2026-07-09T13:13:51.109Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15165 (GCVE-0-2026-15165)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:47
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15165",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:46:53.770490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:47:02.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21390"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:45.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-56.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21390"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15165",
        "datePublished": "2026-07-08T20:50:45.283Z",
        "dateReserved": "2026-07-08T20:45:23.874Z",
        "dateUpdated": "2026-07-09T13:47:02.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15164 (GCVE-0-2026-15164)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:50
    VLAI
    Title
    Heap-based Buffer Overflow in ciscodump
    Summary
    Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation ciscodump Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    0sec and Doruk Tan Ozturk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15164",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:50:05.522806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:50:08.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21375"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ciscodump",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0sec and Doruk Tan Ozturk"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:35.393Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-63.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in ciscodump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15164",
        "datePublished": "2026-07-08T20:50:35.393Z",
        "dateReserved": "2026-07-08T20:45:18.867Z",
        "dateUpdated": "2026-07-09T13:50:08.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15163 (GCVE-0-2026-15163)

    Vulnerability from nvd – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:49
    VLAI
    Title
    Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
    Summary
    Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:49:18.560769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:49:25.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:40.278Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-61.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21275"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21277"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21330"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15163",
        "datePublished": "2026-07-08T20:50:40.278Z",
        "dateReserved": "2026-07-08T20:45:13.994Z",
        "dateUpdated": "2026-07-09T13:49:25.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9759 (GCVE-0-2026-9759)

    Vulnerability from nvd – Published: 2026-05-27 18:33 – Updated: 2026-05-27 19:36
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.6 (semver)
    Affected: 4.4.0 , < 4.4.16 (semver)
    Create a notification for this product.
    Credits
    Arjun Basnet @ Securin Labs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9759",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T19:35:43.254414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T19:36:26.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.6",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.16",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arjun Basnet @ Securin Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T18:33:18.742Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21243"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Wireshark 4.6.6 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-9759",
        "datePublished": "2026-05-27T18:33:18.742Z",
        "dateReserved": "2026-05-27T18:16:39.521Z",
        "dateUpdated": "2026-05-27T19:36:26.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6525 (GCVE-0-2026-6525)

    Vulnerability from nvd – Published: 2026-05-02 11:33 – Updated: 2026-05-04 14:59
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.5 (semver)
    Create a notification for this product.
    Credits
    Nils Bagge
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T14:58:39.606065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T14:59:08.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.5",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nils Bagge"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T11:33:33.147Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-36.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.5 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-6525",
        "datePublished": "2026-05-02T11:33:33.147Z",
        "dateReserved": "2026-04-17T15:05:37.692Z",
        "dateUpdated": "2026-05-04T14:59:08.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15168 (GCVE-0-2026-15168)

    Vulnerability from cvelistv5 – Published: 2026-07-08 21:47 – Updated: 2026-07-09 13:54
    VLAI
    Title
    Use of Uninitialized Variable in Wireshark
    Summary
    BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Thai Duong Tran
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15168",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:53:59.967240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:54:17.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21361"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thai Duong Tran"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457: Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T21:47:19.856Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-60.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21361"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Use of Uninitialized Variable in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15168",
        "datePublished": "2026-07-08T21:47:19.856Z",
        "dateReserved": "2026-07-08T20:45:38.879Z",
        "dateUpdated": "2026-07-09T13:54:17.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15166 (GCVE-0-2026-15166)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:55 – Updated: 2026-07-09 13:13
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15166",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:13:42.996528Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:13:51.109Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21391"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:55:55.070Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-57.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21391"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15166",
        "datePublished": "2026-07-08T20:55:55.070Z",
        "dateReserved": "2026-07-08T20:45:28.864Z",
        "dateUpdated": "2026-07-09T13:13:51.109Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15174 (GCVE-0-2026-15174)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:14
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Michael Bommarito
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15174",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:14:34.596925Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:14:37.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21270"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Bommarito"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:25.274Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-52.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21270"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15174",
        "datePublished": "2026-07-08T20:51:25.274Z",
        "dateReserved": "2026-07-08T20:46:08.884Z",
        "dateUpdated": "2026-07-09T13:14:37.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15172 (GCVE-0-2026-15172)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:42
    VLAI
    Title
    Unchecked Input for Loop Condition in Wireshark
    Summary
    FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-606 - Unchecked Input for Loop Condition
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Gabriel Rodrigues
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15172",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:42:40.189292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:42:52.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gabriel Rodrigues"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-606",
                  "description": "CWE-606: Unchecked Input for Loop Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:20.287Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-54.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21347"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Unchecked Input for Loop Condition in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15172",
        "datePublished": "2026-07-08T20:51:20.287Z",
        "dateReserved": "2026-07-08T20:45:58.875Z",
        "dateUpdated": "2026-07-09T13:42:52.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15173 (GCVE-0-2026-15173)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:44
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Mitchell Benjamin
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15173",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:44:18.595204Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:44:23.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21285"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mitchell Benjamin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:15.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-53.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21285"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15173",
        "datePublished": "2026-07-08T20:51:15.275Z",
        "dateReserved": "2026-07-08T20:46:03.869Z",
        "dateUpdated": "2026-07-09T13:44:23.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15171 (GCVE-0-2026-15171)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:44
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Dmitrijs Trizna
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15171",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:44:51.561918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:44:55.663Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrijs Trizna"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:10.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-55.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21378"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15171",
        "datePublished": "2026-07-08T20:51:10.283Z",
        "dateReserved": "2026-07-08T20:45:53.857Z",
        "dateUpdated": "2026-07-09T13:44:55.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15169 (GCVE-0-2026-15169)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:45
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15169",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:45:23.407997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:45:27.007Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21398"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:05.273Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-59.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15169",
        "datePublished": "2026-07-08T20:51:05.273Z",
        "dateReserved": "2026-07-08T20:45:43.874Z",
        "dateUpdated": "2026-07-09T13:45:27.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15167 (GCVE-0-2026-15167)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:51 – Updated: 2026-07-09 13:45
    VLAI
    Title
    Stack-based Buffer Overflow in Wireshark
    Summary
    DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Nguyen Huu Trung
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:45:52.891240Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:45:58.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nguyen Huu Trung"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:51:00.295Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-62.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21352"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Stack-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15167",
        "datePublished": "2026-07-08T20:51:00.295Z",
        "dateReserved": "2026-07-08T20:45:33.866Z",
        "dateUpdated": "2026-07-09T13:45:58.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15170 (GCVE-0-2026-15170)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:46
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15170",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:46:27.644761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:46:30.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21397"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:50.275Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-58.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21397"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15170",
        "datePublished": "2026-07-08T20:50:50.275Z",
        "dateReserved": "2026-07-08T20:45:48.875Z",
        "dateUpdated": "2026-07-09T13:46:30.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15165 (GCVE-0-2026-15165)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:47
    VLAI
    Title
    Heap-based Buffer Overflow in Wireshark
    Summary
    TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Create a notification for this product.
    Credits
    Claude and Ada Logics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15165",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:46:53.770490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:47:02.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21390"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Claude and Ada Logics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:45.283Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-56.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21390"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15165",
        "datePublished": "2026-07-08T20:50:45.283Z",
        "dateReserved": "2026-07-08T20:45:23.874Z",
        "dateUpdated": "2026-07-09T13:47:02.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15163 (GCVE-0-2026-15163)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:49
    VLAI
    Title
    Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
    Summary
    Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:49:18.560769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:49:25.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:40.278Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-61.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21275"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21277"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21330"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21383"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15163",
        "datePublished": "2026-07-08T20:50:40.278Z",
        "dateReserved": "2026-07-08T20:45:13.994Z",
        "dateUpdated": "2026-07-09T13:49:25.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15164 (GCVE-0-2026-15164)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:50 – Updated: 2026-07-09 13:50
    VLAI
    Title
    Heap-based Buffer Overflow in ciscodump
    Summary
    Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation ciscodump Affected: 4.6.0 , < 4.6.7 (semver)
    Affected: 4.4.0 , < 4.4.17 (semver)
    Create a notification for this product.
    Credits
    0sec and Doruk Tan Ozturk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15164",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:50:05.522806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:50:08.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21375"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ciscodump",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.17",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0sec and Doruk Tan Ozturk"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:50:35.393Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-63.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.7 or above"
            }
          ],
          "title": "Heap-based Buffer Overflow in ciscodump"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-15164",
        "datePublished": "2026-07-08T20:50:35.393Z",
        "dateReserved": "2026-07-08T20:45:18.867Z",
        "dateUpdated": "2026-07-09T13:50:08.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9759 (GCVE-0-2026-9759)

    Vulnerability from cvelistv5 – Published: 2026-05-27 18:33 – Updated: 2026-05-27 19:36
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.6 (semver)
    Affected: 4.4.0 , < 4.4.16 (semver)
    Create a notification for this product.
    Credits
    Arjun Basnet @ Securin Labs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9759",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T19:35:43.254414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T19:36:26.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.6",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.4.16",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arjun Basnet @ Securin Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T18:33:18.742Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21243"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Wireshark 4.6.6 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-9759",
        "datePublished": "2026-05-27T18:33:18.742Z",
        "dateReserved": "2026-05-27T18:16:39.521Z",
        "dateUpdated": "2026-05-27T19:36:26.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6525 (GCVE-0-2026-6525)

    Vulnerability from cvelistv5 – Published: 2026-05-02 11:33 – Updated: 2026-05-04 14:59
    VLAI
    Title
    NULL Pointer Dereference in Wireshark
    Summary
    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Wireshark Foundation Wireshark Affected: 4.6.0 , < 4.6.5 (semver)
    Create a notification for this product.
    Credits
    Nils Bagge
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T14:58:39.606065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T14:59:08.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Wireshark",
              "vendor": "Wireshark Foundation",
              "versions": [
                {
                  "lessThan": "4.6.5",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nils Bagge"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T11:33:33.147Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://www.wireshark.org/security/wnpa-sec-2026-36.html"
            },
            {
              "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 4.6.5 or above"
            }
          ],
          "title": "NULL Pointer Dereference in Wireshark"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-6525",
        "datePublished": "2026-05-02T11:33:33.147Z",
        "dateReserved": "2026-04-17T15:05:37.692Z",
        "dateUpdated": "2026-05-04T14:59:08.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }