Description
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
Published: 2026-07-08
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap‑based buffer overflow located in the Z39.50 protocol dissector of Wireshark. When a specially crafted packet is processed, the dissector can write beyond the bounds of an allocated buffer, causing the application to crash. This results in a denial of service because the user session or the entire Wireshark process terminates.

Affected Systems

Wireshark Foundation’s Wireshark software is affected. The flaw exists in versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16. The vendor has released a fix in Wireshark 4.6.7, which addresses the buffer overflow in the Z39.50 dissector.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, so no public exploits are known. Because Wireshark runs in user space, the most likely attack vector requires an attacker to supply a malicious packet on the network or a crafted capture file that the user opens. The crash would terminate the Wireshark process or potentially the entire user session, harming availability. Even though an attacker would need to direct traffic or files to a victim, the impact can be disruptive in shared or critical monitoring environments.

Generated by OpenCVE AI on July 9, 2026 at 04:00 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.7 or above


OpenCVE Recommended Actions

  • Apply the vendor patch by upgrading Wireshark to version 4.6.7 or higher.
  • As an interim measure, disable the Z39.50 dissector or restrict its use to trusted environments.
  • Avoid opening capture files or connecting to Z39.50 services from untrusted sources until a patch is applied.

Generated by OpenCVE AI on July 9, 2026 at 04:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References
Metrics threat_severity

None

threat_severity

Moderate


Wed, 08 Jul 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Wed, 08 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
Description Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
Title Heap-based Buffer Overflow in Wireshark
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-07-08T20:50:50.275Z

Reserved: 2026-07-08T20:45:48.875Z

Link: CVE-2026-15170

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-07-08T20:50:50Z

Links: CVE-2026-15170 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T04:15:12Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow

  • CWE-131

    Incorrect Calculation of Buffer Size