Description
Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wireshark’s LZ77 decompression routine contains an improper memory allocation that can be triggered by a crafted packet. When versions 4.6.0 through 4.6.4 or 4.4.0 through 4.4.14 process such a packet, the dissection engine crashes, resulting in a denial of service. The weakness is identified as CWE‑1325 and causes the Wireshark process to terminate without compromising confidentiality or integrity.

Affected Systems

The issue impacts all deployments of Wireshark released by the Wireshark Foundation that fall within versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. This includes installations on Windows, macOS, and Linux platforms used for packet capture and analysis.

Risk and Exploitability

Wireshark rates the vulnerability with a CVSS score of 5.5, indicating moderate severity. No EPSS value is provided, and the vulnerability is not listed in the CISA KEV catalog, so there is no known large‑scale exploitation at this time. An attacker can typically supply the malicious packet remotely through the network that the Wireshark instance is capturing, or locally via a replay of a crafted capture file. The primary risk is the availability impact, which can interrupt network monitoring and potentially lead to broader operational disruptions.

Generated by OpenCVE AI on April 30, 2026 at 13:47 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later, which contains the fix for the LZ77 decompression issue.
  • If an immediate upgrade is not feasible, consider running a pre‑vulnerable release such as Wireshark 4.3.x or earlier on a dedicated monitoring host, and disable or filter any packet streams that might contain malformed data.
  • Deploy Wireshark in an isolated or sandboxed environment (e.g., container or VM) and restrict the network inputs to trusted traffic sources to limit the opportunity for crafted packets to reach the dissection engine.

Generated by OpenCVE AI on April 30, 2026 at 13:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Improperly Controlled Sequential Memory Allocation in Wireshark
Weaknesses CWE-1325
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:35:09.262Z

Reserved: 2026-04-17T15:06:17.671Z

Link: CVE-2026-6533

cve-icon Vulnrichment

Updated: 2026-04-30T12:35:06.156Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:40.627

Modified: 2026-05-01T18:16:34.720

Link: CVE-2026-6533

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses