Description
AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wireshark’s AMR‑NB codec contains a stack‑based buffer overflow that can be triggered by processing malicious AMR‑NB packets. The improper handling causes the application to crash, resulting in a denial of service. The weakness is classified as CWE‑121.

Affected Systems

Wireshark Foundation’s Wireshark product is affected in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no widespread exploitation yet. An attacker can deliver a crafted AMR‑NB packet to Wireshark and cause the application to terminate. Based on the description, it is inferred that an attacker does not need privileges beyond the ability to run the software or supply the packet, so the impact is limited to availability of the Wireshark instance; there is no known privilege escalation or data disclosure risk.

Generated by OpenCVE AI on May 1, 2026 at 05:18 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later.
  • If an upgrade is not immediately possible, avoid processing AMR‑NB packets by disabling the codec during capture or analysis.
  • Run Wireshark with the minimum necessary privileges so that a crash cannot affect critical system components.



Advisories

No advisories yet.

History

Fri, 01 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wireshark; Wireshark wireshark
Vendors & Products | | Wireshark; Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description | | AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title | | Stack-based Buffer Overflow in Wireshark
Weaknesses | | CWE-121
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T13:02:57.653Z

Reserved: 2026-04-06T06:33:56.341Z

Link: CVE-2026-5654

Vulnrichment

Updated: 2026-04-30T13:01:54.821Z

NVD

Status: Analyzed

Published: 2026-04-30T07:16:38.650

Modified: 2026-05-01T17:02:54.637

Link: CVE-2026-5654

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T05:30:09Z

Weaknesses