Description
Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improperly controlled sequential memory allocation in Wireshark's zlib decompression component that can be triggered during packet dissection, causing an application crash and resulting in a denial of service. The weakness is a classic example of CWE‑1325, where an attacker can influence the memory allocation sequence to exhaust resources or corrupt memory. The issue also involves CWE‑409, indicating that uninitialized or improperly handled data may affect the allocation logic. Exploitation leads to an immediate service interruption if a user opens a maliciously crafted capture file.

Affected Systems

This flaw affects Wireshark Foundation products running versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. Any installations of those versions that may process external capture files are vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity issue, while the EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low exploitation probability. The likely attack vector is the delivery of a malicious pcap file that a user opens with Wireshark; the attacker does not need privileged access beyond the ability to load the file into the application. Because the crash does not expose code execution, the impact is restricted to a loss of availability for the dissecting process.

Generated by OpenCVE AI on May 4, 2026 at 13:55 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later, which removes the vulnerable zlib decompression logic.
  • If upgrading is not immediately possible, restrict the processing of external capture files by only allowing trusted sources or using verification tools to ensure file integrity before opening them in Wireshark.
  • Employ network segmentation or content filtering to prevent the delivery of malicious capture files to endpoints running vulnerable Wireshark versions.



Advisories
Source | ID | Title
Debian DSA | DSA-6249-1 | wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-409
References | |
Metrics | threat_severity: None | threat_severity: Moderate


Fri, 01 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wireshark; Wireshark wireshark
Vendors & Products | | Wireshark; Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description | | Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title | | Improperly Controlled Sequential Memory Allocation in Wireshark
Weaknesses | | CWE-1325
References | |
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:31:36.338Z

Reserved: 2026-04-17T15:06:27.695Z

Link: CVE-2026-6535

Vulnrichment

Updated: 2026-04-30T12:31:33.629Z

NVD

Status: Analyzed

Published: 2026-04-30T07:16:40.870

Modified: 2026-05-01T18:16:11.087

Link: CVE-2026-6535

Red Hat

Severity: Moderate

Public Date: 2026-04-30T05:36:49Z

Links: CVE-2026-6535 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-04T14:00:20Z

Weaknesses