Impact
The vulnerability is a heap-based buffer overflow located in the TLS ECH decryptor component of Wireshark versions 4.6.0 through 4.6.6. When a crafted TLS ECH packet is processed, the heap overflow can corrupt memory and trigger a crash, thereby causing Wireshark to stop processing packets and potentially deny service to users who rely on the software for network analysis. The weakness is classified as CWE‑122.
Affected Systems
Wireshark Foundation’s Wireshark 4.6.0 to 4.6.6 are affected. All installations of these versions that use the TLS ECH decryptor feature are vulnerable. Updating to version 4.6.7 or later removes the vulnerability.
Risk and Exploitability
The CVSS base score of 5.5 indicates a medium severity vulnerability. No EPSS score is available, so an exact exploitation probability cannot be quantified, but the lack of a KEV listing suggests that the vulnerability has not yet been widely exploited in the wild. The likely attack vector is the processing of a malicious TLS ECH packet received over the network, which may be delivered remotely via a client or a compromised certificate authority. Attackers would need only to send such a packet to a machine running the vulnerable Wireshark instance; the resulting crash causes a denial of service to users of that instance.
OpenCVE Enrichment