Impact
Wireshark contains a stack-based buffer overflow in its IEEE 802.11 protocol dissector that causes the program to crash when processing malformed packets. The overflow can be triggered during a normal capture or when opening a crafted capture file, leading an attacker to interrupt or deny access to the Wireshark application on the host. The vulnerability is a classic CWE‑121 issue that does not provide a path to execute arbitrary code but instead results in a denial of service by terminating the program.
Affected Systems
The flaw is present in all releases of Wireshark 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16 distributed by the Wireshark Foundation. Users running these versions should be aware that any analysis of 802.11 traffic could be influenced by the vulnerability.
Risk and Exploitability
The CVSS score of 5.5 indicates a moderate severity. The EPSS score is < 1%, indicating a very low but nonzero likelihood of exploitation. The feature is not listed in CISA KEV, suggesting no widespread exploitation reports yet. The likely attack vector is that an attacker can craft a malicious 802.11 frame or capture file that, when parsed by Wireshark, triggers the buffer overflow and causes a crash. This attack has local impact on the system running Wireshark, resulting in denial of service to the user.
OpenCVE Enrichment