Description
MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a crash in the Wireshark MySQL protocol dissector caused by access of an uninitialized pointer, identified as CWE-824 and CWE-1286. When the dissector parses malicious MySQL traffic, it may terminate Wireshark, preventing further analysis and potentially disrupting network troubleshooting workflows. This loss of availability could affect a single user or a team that relies on Wireshark for monitoring and diagnostics.

Affected Systems

Wireshark Foundation’s Wireshark product is affected. Versions 4.4.0 through 4.4.14 and 4.6.0 through 4.6.4 are vulnerable. All other releases are not impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 5.5, indicating a moderate impact. An exploitation scenario requires Wireshark to process a crafted MySQL packet, so the attack vector is likely indirect, relying on an attacker to supply targeted traffic to a user’s Wireshark session. The EPSS score is < 1%, indicating a very low exploitation probability, but the lack of cataloguing in CISA KEV suggests limited current exploitation. The risk is present for systems that capture or open MySQL traffic without verification.

Generated by OpenCVE AI on May 4, 2026 at 13:57 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later to remove the crash path.
  • If an upgrade is not currently possible, disable the MySQL dissector plugin while analyzing untrusted capture files to prevent the crash from occurring.
  • Continuously review Wireshark security advisories for additional guidance and monitor for further updates.

Generated by OpenCVE AI on May 4, 2026 at 13:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1286
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Access of Uninitialized Pointer in Wireshark
Weaknesses CWE-824
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T15:19:54.077Z

Reserved: 2026-04-17T15:05:32.680Z

Link: CVE-2026-6524

cve-icon Vulnrichment

Updated: 2026-04-30T15:02:54.538Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:39.637

Modified: 2026-05-01T19:27:14.617

Link: CVE-2026-6524

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:34:19Z

Links: CVE-2026-6524 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T14:00:20Z

Weaknesses