Description
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
Published: 2026-07-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wireshark contains a stack-based buffer overflow in its IEEE 802.11 protocol dissector that causes the program to crash when processing malformed packets. The overflow can be triggered during a normal capture or when opening a crafted capture file, leading an attacker to interrupt or deny access to the Wireshark application on the host. The vulnerability is a classic CWE‑121 issue that does not provide a path to execute arbitrary code but instead results in a denial of service by terminating the program.

Affected Systems

The flaw is present in all releases of Wireshark 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16 distributed by the Wireshark Foundation. Users running these versions should be aware that any analysis of 802.11 traffic could be influenced by the vulnerability.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score is < 1%, indicating a very low but nonzero likelihood of exploitation. The feature is not listed in CISA KEV, suggesting no widespread exploitation reports yet. The likely attack vector is that an attacker can craft a malicious 802.11 frame or capture file that, when parsed by Wireshark, triggers the buffer overflow and causes a crash. This attack has local impact on the system running Wireshark, resulting in denial of service to the user.

Generated by OpenCVE AI on July 9, 2026 at 23:38 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.7 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.7 or newer, as the patch removes the buffer overflow bug.
  • Run Wireshark with the least privileges required, preferably under a non‑administrative user account, to limit disruption if the crash occurs.
  • If an immediate upgrade is not feasible, avoid opening untrusted capture files and, if possible, disable the 802.11 dissector in preferences until the patch is applied.

Generated by OpenCVE AI on July 9, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
References
Metrics threat_severity

None

threat_severity

Moderate


Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Wed, 08 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
Description IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
Title Stack-based Buffer Overflow in Wireshark
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-07-09T13:13:51.109Z

Reserved: 2026-07-08T20:45:28.864Z

Link: CVE-2026-15166

cve-icon Vulnrichment

Updated: 2026-07-09T13:13:35.548Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-07-08T20:55:55Z

Links: CVE-2026-15166 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T04:00:11Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow

  • CWE-476

    NULL Pointer Dereference