Description
SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw in the SDP protocol dissector of Wireshark. Exploiting it allows an attacker to deliver crafted SDP packets that cause Wireshark to free memory and then dereference it, resulting in a crash. The weakness falls under CWE‑416 and CWE‑237 and crashes the application, denying legitimate users from capturing or analyzing network traffic.

Affected Systems

Wireshark Foundation’s Wireshark product versions 4.6.0 through 4.6.4 are affected. All installations of these releases running the SDP dissector are at risk.

Risk and Exploitability

The CVSS score of 5.5 reflects a moderate severity with no impact on confidentiality or integrity, only availability. EPSS score is 0.00017, indicating a very low exploitation probability, and the flaw is not listed in CISA’s KEV catalog. Attack likely requires a user to open a malicious capture file or allow the program to process deceptive network traffic containing malformed SDP packets, making it a local or user‑interaction type exploit.

Generated by OpenCVE AI on May 4, 2026 at 14:21 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later
  • If SDP dissector is not required, disable it to prevent processing malformed SDP packets
  • Avoid opening or examining unsolicited capture files from untrusted sources; verify the file integrity before analysis

Generated by OpenCVE AI on May 4, 2026 at 14:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-237
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service
Title Use After Free in Wireshark
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:52:43.399Z

Reserved: 2026-04-06T06:34:01.485Z

Link: CVE-2026-5655

cve-icon Vulnrichment

Updated: 2026-04-30T12:52:38.838Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:38.780

Modified: 2026-05-01T16:49:18.977

Link: CVE-2026-5655

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:38:59Z

Links: CVE-2026-5655 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T14:30:06Z

Weaknesses