CVE-2026-3203 - Vulnerability Details - OpenCVE

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Wireshark Foundation

Wireshark

unaffected

Version	Status	Constraints
`4.6.0`	affected	< 4.6.4
`4.4.0`	affected	< 4.4.14

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade to version 4.6.4 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gitlab.com/wireshark/wireshark/-/issues/21009
https://nvd.nist.gov/vuln/detail/CVE-2026-3203
https://www.cve.org/CVERecord?id=CVE-2026-3203
https://www.wireshark.org/security/wnpa-sec-2026-07.html

History

Thu, 26 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-3203 https://www.cve.org/CVERecord?id=CVE-2026-3203
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 25 Feb 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Title		Buffer Over-read in Wireshark
Weaknesses		CWE-126
References		https://gitlab.com/wireshark/wireshark/-/issues/21009 https://www.wireshark.org/security/wnpa-sec-2026-07.html
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2026-02-25T14:36:00.984Z

Updated: 2026-02-25T20:37:14.893Z

Reserved: 2026-02-25T14:35:46.001Z

Link: CVE-2026-3203

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-02-25T15:20:55.973

Modified: 2026-02-25T15:22:44.317

Link: CVE-2026-3203

Redhat

Severity : Moderate

Publid Date: 2026-02-25T14:36:00Z

Links: CVE-2026-3203 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-126

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3203", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-02-25T14:35:46.001Z", "datePublished": "2026-02-25T14:36:00.984Z", "dateUpdated": "2026-02-25T20:37:14.893Z"}, "containers": {"cna": {"title": "Buffer Over-read in Wireshark", "descriptions": [{"lang": "en", "value": "RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected", "lessThan": "4.6.4", "versionType": "semver"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-126: Buffer Over-read", "cweId": "CWE-126", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-07.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/21009", "name": "GitLab Issue #21009", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.4 or above"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-02-25T14:36:00.984Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T20:35:47.008169Z", "id": "CVE-2026-3203", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T20:37:14.893Z"}}]}}

{"bugzilla": {"description": "wireshark: Buffer Over-read in Wireshark", "id": "2442639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442639"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-126", "details": ["A flaw was found in the RF4CE Profile dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a buffer over-read, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "If the RF4CE Profile protocol dissector is not being used, it can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissector when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"}, "name": "CVE-2026-3203", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-25T14:36:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3203\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3203\nhttps://gitlab.com/wireshark/wireshark/-/issues/21009\nhttps://www.wireshark.org/security/wnpa-sec-2026-07.html"], "statement": "This issue will cause a crash in Wireshark with no other security impact. Also, this flaw can only be exploited when a malformed pcap file is processed. Due to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}