Description
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Published: 2026-02-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13 contain a buffer over-read in the RF4CE Profile protocol dissector causing a crash and resulting in denial of service. The flaw arises when the dissector reads beyond the bounds of the supplied packet data, leading to an unhandled exception. The impact is limited to the instance of Wireshark that processes the malformed packet, disrupting troubleshooting or network analysis.

Affected Systems

The vulnerability affects Wireshark software published by Wireshark Foundation. All releases from version 4.6.0 to 4.6.3 and from 4.4.0 to 4.4.13 are vulnerable. Users of earlier or later releases are not impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity, while the EPSS score of less than 1% signals a very low probability of automated exploitation. The vulnerability is not included in the CISA KEV catalog. The likely attack vector is application‑side: an attacker can supply a crafted RF4CE packet to Wireshark during packet capture or file import. If the application is running with elevated privileges, a crash may result in a denial of service for that user or system. No network‑level remote code execution is possible; the exploit requires delivery of malicious data to the victim’s Wireshark instance.

Generated by OpenCVE AI on April 16, 2026 at 06:07 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.4 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.4 or later to obtain the fix
  • Restrict the processing of RF4CE streams to trusted sources or offline capture files when an upgrade cannot be applied immediately
  • Monitor Wireshark for unexpected crashes and enforce the use of the latest stable release in production environments

Generated by OpenCVE AI on April 16, 2026 at 06:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 26 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 25 Feb 2026 14:45:00 +0000

Type Values Removed Values Added
Description RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Title Buffer Over-read in Wireshark
Weaknesses CWE-126
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-03-27T13:56:59.788Z

Reserved: 2026-02-25T14:35:46.001Z

Link: CVE-2026-3203

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-25T15:20:55.973

Modified: 2026-02-26T14:41:13.870

Link: CVE-2026-3203

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-25T14:36:00Z

Links: CVE-2026-3203 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:15:26Z

Weaknesses