Description
SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Published: 2026-04-30
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap‑based buffer overflow occurs when Wireshark processes an SBC (Single Byte Code) codec packet in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The overflow can trigger a crash, creating a denial‑of‑service condition, and potentially allow an attacker to execute arbitrary code depending on the environment. The weakness is classified as CWE-122 and CWE-787.

Affected Systems

The vulnerability affects Wireshark software distributed by the Wireshark Foundation. Systems running any of the affected releases—Wireshark 4.6.0‑4.6.4 or 4.4.0‑4.4.14—are at risk. Upgrading to 4.6.5 or later removes the flaw.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. The EPSS score of 0.00014 indicates an exceptionally low probability of exploitation, though the likelihood cannot be dismissed entirely. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation. The attack can be carried out by feeding crafted network traffic that includes a malicious SBC codec packet, so the likely vector is network or locally imported capture files. Organizations should treat the risk as significant until the update is applied.

Generated by OpenCVE AI on May 2, 2026 at 08:03 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later to eliminate the buffer overflow.
  • If an upgrade is not immediately feasible, isolate the affected systems from untrusted network traffic and restrict file imports to known safe sources.
  • Monitor logs and crash reports for signs of denial‑of‑service events or suspicious memory operations to detect potential exploitation attempts.

Generated by OpenCVE AI on May 2, 2026 at 08:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Description SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Title Heap-based Buffer Overflow in Wireshark
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-02T03:55:27.939Z

Reserved: 2026-04-02T06:33:16.683Z

Link: CVE-2026-5403

cve-icon Vulnrichment

Updated: 2026-05-01T14:20:54.707Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T00:16:24.670

Modified: 2026-05-01T19:18:04.737

Link: CVE-2026-5403

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses