Description
AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wireshark’s AMR‑NB codec contains a stack‑based buffer overflow that can be triggered by processing malicious AMR‑NB packets. The improper handling causes the application to crash, resulting in a denial of service. The weakness is classified as CWE‑121 and CWE‑237.

Affected Systems

Wireshark Foundation’s Wireshark product is affected in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is 0.00017 (less than 1%), indicating a very low expected probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, suggesting no widespread exploitation yet. An attacker can cause the application to terminate by delivering a crafted AMR‑NB packet to Wireshark; this attack vector is an inference drawn from the description. It is likewise inferred from the description that an attacker needs no privileges beyond the ability to run the software or supply the packet, so the impact is limited to availability of the Wireshark instance; there is no known privilege escalation or data disclosure risk.

Generated by OpenCVE AI on May 4, 2026 at 14:21 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later.
  • If an upgrade is not immediately possible, avoid processing AMR‑NB packets by disabling the codec during capture or analysis.
  • Run Wireshark with the minimum necessary privileges so that a crash cannot affect critical system components.



Advisories
Source | ID | Title
Debian DSA | DSA-6249-1 | wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-237
References
Metrics threat_severity

None

threat_severity

Moderate


Fri, 01 May 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Stack-based Buffer Overflow in Wireshark
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T13:02:57.653Z

Reserved: 2026-04-06T06:33:56.341Z

Link: CVE-2026-5654

Vulnrichment

Updated: 2026-04-30T13:01:54.821Z

NVD

Status: Analyzed

Published: 2026-04-30T07:16:38.650

Modified: 2026-05-01T17:02:54.637

Link: CVE-2026-5654

Redhat

Severity: Moderate

Public Date: 2026-04-30T05:39:04Z

Links: CVE-2026-5654 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-04T14:30:06Z
