Description
TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution
Published: 2026-04-30
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow exists in the TLS protocol dissector of Wireshark versions 4.6.0 through 4.6.4. The flaw can cause a denial-of-service condition and, depending on the environment, may lead to arbitrary code execution. The weakness is identified as CWE-122, indicating an unbounded buffer write on the heap.

Affected Systems

Wireshark Foundation’s Wireshark application is impacted. Users running Wireshark versions 4.6.0, 4.6.1, 4.6.2, 4.6.3, or 4.6.4 are vulnerable; upgrading to 4.6.5 or later removes the issue.

Risk and Exploitability

The CVSS score is 8.8, reflecting high severity. No EPSS score is publicly available, so the exploitation probability cannot be quantified at present. The vulnerability is not listed in the CISA KEV catalog, but its high CVSS indicates it should be treated with urgency. Based on the description, the likely attack vector is a malicious network capture or injection of crafted TLS traffic that Wireshark processes, which could trigger the overflow during a normal dissector run.

Generated by OpenCVE AI on May 1, 2026 at 05:17 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above
OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or newer.
  • Remove or quarantine any older Wireshark binaries from active use.
  • If upgrading immediately is not feasible, disable the TLS dissector or use a sandboxed capture environment to mitigate risk.

Advisories

No advisories yet.

History

Fri, 01 May 2026 19:30:00 +0000
  Type: CPEs
  Values Added: cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Fri, 01 May 2026 16:30:00 +0000
  Type: References

Fri, 01 May 2026 16:15:00 +0000
  Type: Metrics (ssvc)
  Values Removed: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 14:15:00 +0000
  Type: References
  Type: Metrics (ssvc)
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:45:00 +0000
  Type: First Time appeared
  Values Added: Wireshark; Wireshark wireshark
  Type: Vendors & Products
  Values Added: Wireshark; Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000
  Type: Description
  Values Added: TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution
  Type: Title
  Values Added: Heap-based Buffer Overflow in Wireshark
  Type: Weaknesses
  Values Added: CWE-122
  Type: References
  Type: Metrics (cvssV3_1)
  Values Added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-01T15:27:02.931Z

Reserved: 2026-04-02T06:33:11.664Z

Link: CVE-2026-5402

Vulnrichment

Updated: 2026-04-30T12:50:59.162Z

NVD

Status: Analyzed

Published: 2026-04-30T07:16:37.847

Modified: 2026-05-01T19:26:27.377

Link: CVE-2026-5402

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T05:30:09Z

Weaknesses