Description
RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Published: 2026-04-30
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the RDP protocol dissector of Wireshark. A heap-based buffer overflow occurs when the application parses certain malformed RDP packets, which can crash the application and potentially allow an attacker to execute arbitrary code. The flaw is classified as CWE-122 (Heap-Based Buffer Overflow) and also represents a CWE-787 (Out-of-Bounds Write) condition.

Affected Systems

Wireshark Foundation's Wireshark product is affected, specifically versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.

Risk and Exploitability

The CVSS score of 7.8 indicates a high risk level. The EPSS score is less than 1%, indicating a very low exploitation probability. The vulnerability is not listed in CISA's KEV catalog. Based on the description, the likely attack vector involves supplying crafted RDP packets while Wireshark parses a capture file; this can lead to a crash or, in some conditions, code execution, impacting the integrity and availability of systems running Wireshark.

Generated by OpenCVE AI on May 2, 2026 at 08:03 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade to Wireshark 4.6.5 or later
  • If an upgrade cannot be performed immediately, run Wireshark in an isolated sandbox or virtual machine to contain any potential exploitation
  • Temporarily disable the RDP dissector by editing the preferences or building a minimal Wireshark instance without RDP protocol support

Advisories

No advisories yet.

History

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Fri, 01 May 2026 15:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 01 May 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Description RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Title Heap-based Buffer Overflow in Wireshark
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-02T03:55:30.220Z

Reserved: 2026-04-02T06:33:26.681Z

Link: CVE-2026-5405

Vulnrichment

Updated: 2026-05-01T14:28:09.475Z

NVD

Status: Analyzed

Published: 2026-05-01T00:16:24.963

Modified: 2026-05-01T19:22:53.760

Link: CVE-2026-5405

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses