Description
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Published: 2026-01-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

An out-of-bounds write in the BLF file parser causes Wireshark to crash when it processes a crafted BLF file. The vulnerability is classified as CWE-787 and can cause a denial of service if Wireshark processes a crafted BLF file. The potential attack vector is not explicitly described, but it appears to require malicious file input. No escalation of privileges or remote code execution is described in the available data, so the effect is limited to service interruption.

Affected Systems

Wireshark Foundation’s Wireshark suffers from this flaw in versions 4.6.0 through 4.6.2 and 4.4.0 through 4.4.12. Any system running one of those releases and that accepts external BLF files is vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity, and the EPSS score of less than 1% suggests a low probability that this weakness will be actively exploited. The issue is not listed in the CISA KEV catalog, further implying limited existing exploitation. The likely attack condition requires a user or an attacker to provide a crafted BLF file to Wireshark, making it most relevant in environments where untrusted files can be opened. Based on the description, the specific origin of the attacker is not explicitly stated.

Generated by OpenCVE AI on April 18, 2026 at 06:14 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.3 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.3 or later
  • If an upgrade is not possible, disable BLF parsing in Wireshark preferences to prevent processing of potentially malicious files
  • Run Wireshark in a sandboxed environment or restrict its ability to open arbitrary files to limit the impact of crashes

Generated by OpenCVE AI on April 18, 2026 at 06:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6124-1 wireshark security update
History

Wed, 21 Jan 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 15 Jan 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 15 Jan 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Wed, 14 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 14 Jan 2026 20:45:00 +0000

Type Values Removed Values Added
Description BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Title Out-of-bounds Write in Wireshark
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-03-27T13:56:59.242Z

Reserved: 2026-01-14T20:14:06.637Z

Link: CVE-2026-0961

cve-icon Vulnrichment

Updated: 2026-01-14T21:08:28.655Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-14T21:15:53.063

Modified: 2026-01-21T18:43:01.720

Link: CVE-2026-0961

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-01-14T20:23:48Z

Links: CVE-2026-0961 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:15:15Z

Weaknesses