Description
Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wireshark’s LZ77 decompression routine contains an improper sequential memory allocation that triggers a crash when processing crafted packets, resulting in a denial‑of‑service condition. The weakness is classified as CWE‑1325 and CWE‑409, and it leads to an abrupt termination of the Wireshark process without affecting confidentiality or integrity.

Affected Systems

The vulnerability affects Wireshark releases from the Wireshark Foundation in the 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 ranges, as identified by the CNA vendor/product listing.

Risk and Exploitability

Wireshark assigns a CVSS score of 5.5, indicating moderate severity. The EPSS score of <1% suggests a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to be a crafted packet supplied through the network interface that Wireshark captures, or locally via a replayed capture file; no remote code execution or privilege escalation is documented. The primary risk is loss of availability, potentially interrupting network monitoring and leading to broader operational disruptions.

Generated by OpenCVE AI on May 4, 2026 at 14:50 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later, which contains the fix for the LZ77 decompression issue.
  • If an immediate upgrade is not feasible, run the previous stable release (Wireshark 4.3.x or earlier) on a dedicated monitoring host and filter or disable any packet streams that may contain malformed data.
  • Deploy Wireshark in an isolated or sandboxed environment (e.g., container or VM) and restrict the network inputs to trusted traffic sources to limit opportunities for crafted packets to reach the dissection engine.

Generated by OpenCVE AI on May 4, 2026 at 14:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-409
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Improperly Controlled Sequential Memory Allocation in Wireshark
Weaknesses CWE-1325
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:35:09.262Z

Reserved: 2026-04-17T15:06:17.671Z

Link: CVE-2026-6533

cve-icon Vulnrichment

Updated: 2026-04-30T12:35:06.156Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:40.627

Modified: 2026-05-01T18:16:34.720

Link: CVE-2026-6533

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:36:39Z

Links: CVE-2026-6533 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T15:00:03Z

Weaknesses