Description
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Published: 2026-02-25
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

Wireshark's USB HID protocol dissector allocates memory sequentially without an effective limit, so a large or malformed HID packet can drive the process into memory exhaustion. An attacker who can get such packets processed by Wireshark can crash it, a denial of service against the tool's availability. The weakness is tracked as CWE-1325 (Improperly Controlled Sequential Memory Allocation) and CWE-770 (Allocation of Resources Without Limits or Throttling).

Affected Systems

Vulnerable releases include Wireshark 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13, distributed by the Wireshark Foundation. No other versions or products are affected according to the CNA data.

Risk and Exploitability

With a CVSS base score of 4.7 and an EPSS below 1%, the current likelihood of exploitation is low, and the issue is not listed in CISA's KEV catalog. Exploitation requires the attacker to get crafted USB HID traffic processed by a running Wireshark instance; consistent with that, the CVSS vector rates the attack vector as local (AV:L), with high attack complexity and user interaction required. Once the malicious packets are processed, Wireshark terminates, denying service to the user and interrupting any monitoring that depends on it. Because the base score captures only that local availability impact, organizations that rely on Wireshark in critical monitoring roles should still treat the vulnerability as noteworthy.

Generated by OpenCVE AI on April 16, 2026 at 06:07 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.4 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.4 or later.
  • If an immediate upgrade is not possible, disable the USB HID dissector in the Wireshark preferences to stop processing HID packets.
  • Restrict physical access to USB HID devices on systems running Wireshark, ensuring only trusted devices are connected while the application is in use.
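The recommended actions above amount to two checks a defender can script: is the installed build inside the affected ranges, and if so, can captures be processed with the USB HID dissector switched off until the upgrade to 4.6.4 or later is done. The following POSIX shell script is an added example, not code from the OpenCVE record or from the Wireshark project. It assumes that the first line of "tshark --version" contains the release as X.Y.Z and that tshark's --disable-protocol option accepts the dissector's filter name, which for the USB HID dissector is "usbhid"; the banner strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example, not from the OpenCVE record or the Wireshark project.
# Checks a Wireshark/tshark release against the ranges this record lists
# as affected by CVE-2026-3201 (4.6.0-4.6.3 and 4.4.0-4.4.13) and, for an
# affected build, prints the interim mitigation of running tshark with the
# USB HID dissector disabled until the upgrade to 4.6.4 or later is done.
# Assumption: tshark's --disable-protocol option takes the dissector's
# filter name, which for the USB HID dissector is "usbhid".

# Return 0 (true) when "$1" (e.g. "4.6.3") lies inside the affected ranges.
# Fields are compared numerically; a "4.6" or "4.4" with no third field is
# treated as .0, which is inside the range.
cve_2026_3201_affected() {
    old_ifs=$IFS
    IFS=.
    set -- $1                        # split "4.6.3" into 4 6 3
    IFS=$old_ifs
    major=${1:-}
    minor=${2:-}
    patch=${3:-0}
    patch=${patch%%[!0-9]*}          # drop suffixes such as "rc1" or "-1"
    [ "$major" = 4 ] || return 1
    case "$minor" in
        6) if [ "${patch:-0}" -le 3 ]; then return 0; fi ;;
        4) if [ "${patch:-0}" -le 13 ]; then return 0; fi ;;
    esac
    return 1
}

# Extract the first "X.Y.Z" from a version banner, for example the
# constructed sample "TShark (Wireshark) 4.6.3 (v4.6.3-0-g0123456789ab)".
wireshark_version_from_banner() {
    printf '%s\n' "$1" | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print the interim mitigation for an affected build: read the capture
# with the USB HID dissector disabled (the same setting the Wireshark GUI
# exposes under Analyze > Enabled Protocols).
usbhid_disabled_command() {
    printf 'tshark --disable-protocol usbhid -r %s\n' "$1"
}

# Live check of the local tshark; skipped when tshark is not installed.
if command -v tshark >/dev/null 2>&1; then
    ver=$(wireshark_version_from_banner "$(tshark --version 2>/dev/null)")
    if [ -z "$ver" ]; then
        echo "could not parse the tshark version banner"
    elif cve_2026_3201_affected "$ver"; then
        echo "tshark $ver is in a CVE-2026-3201 affected range: upgrade to 4.6.4 or later."
        echo "Until then, keep HID traffic out of the dissector, e.g.: $(usbhid_disabled_command capture.pcapng)"
    else
        echo "tshark $ver is outside the affected ranges."
    fi
fi
```

The version check is deliberately strict about the two affected minor lines: a 4.2.x or 3.x build is reported as outside the ranges, which matches the CNA data rather than implying that every older release is safe for other reasons.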

Generated by OpenCVE AI on April 16, 2026 at 06:07 UTC.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 15:00:00 +0000
  • Weaknesses: added CWE-770
  • CPEs: added cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 26 Feb 2026 13:30:00 +0000
  • First Time appeared: added Wireshark; Wireshark wireshark
  • Vendors & Products: added Wireshark; Wireshark wireshark

Thu, 26 Feb 2026 00:15:00 +0000
  • References: changed (values not listed)
  • Metrics threat_severity: None → Moderate

Wed, 25 Feb 2026 22:15:00 +0000
  • Metrics ssvc: added {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 14:45:00 +0000
  • Description: added USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
  • Title: added Improperly Controlled Sequential Memory Allocation in Wireshark
  • Weaknesses: added CWE-1325
  • References: added (values not listed)
  • Metrics cvssV3_1: added {'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-03-27T13:56:59.581Z

Reserved: 2026-02-25T14:35:36.231Z

Link: CVE-2026-3201

Vulnrichment

Updated: 2026-02-25T20:56:26.556Z

NVD

Status : Analyzed

Published: 2026-02-25T15:20:55.617

Modified: 2026-02-26T14:49:01.050

Link: CVE-2026-3201

Redhat

Severity : Moderate

Public Date: 2026-02-25T14:35:50Z

Links: CVE-2026-3201 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T06:15:26Z

Weaknesses