Description
K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic buffer overflow in the K12 RF5 file parser of Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. A specially crafted K12 RF5 packet capture triggers a buffer copy without size checks, causing Wireshark to crash. This results in a denial of service to the end user, halting network analysis and disrupting workflows. The weakness is identified as CWE‑120 and CWE‑1286.

Affected Systems

Affected vendors are Wireshark Foundation, product Wireshark. Releases 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 are susceptible; later versions are not affected.

Risk and Exploitability

The CVSS score of 4.7 indicates a moderate impact with limited exploitation complexity. The EPSS score of < 1% shows a very low probability of real‑world exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could deliver a crafted K12 RF5 file to Wireshark, either by having a user open a malicious capture or by sending the file to a target system for local analysis. This would lead to an immediate crash and denial of service. The vulnerability can be exploited without authentication and is likely local to the machine running the software.

Generated by OpenCVE AI on May 4, 2026 at 13:51 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later to apply the vendor patch.
  • Disable or remove any K12 RF5 parsing modules until the upgrade is performed.
  • Restrict Wireshark to trusted capture files only, and if unknown files must be examined, run Wireshark in a sandboxed environment.

Generated by OpenCVE AI on May 4, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1286
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Description K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-01T14:20:15.602Z

Reserved: 2026-04-02T06:33:21.683Z

Link: CVE-2026-5404

cve-icon Vulnrichment

Updated: 2026-05-01T14:20:07.654Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T00:16:24.820

Modified: 2026-05-01T19:22:11.793

Link: CVE-2026-5404

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T23:04:08Z

Links: CVE-2026-5404 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T14:00:20Z

Weaknesses