Description
BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The BEEP protocol dissector in Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14 contains a stack‑based buffer overflow, identified as CWE‑121 and CWE‑1286, that causes the application to crash. This flaw does not permit arbitrary code execution or privilege escalation; it simply allows a malicious BEEP packet to terminate the Wireshark process, resulting in a denial of service.

Affected Systems

The vulnerability affects Wireshark from the Wireshark Foundation. All installations running versions 4.6.0–4.6.4 or 4.4.0–4.4.14 are impacted and must be updated before they can be considered secure.

Risk and Exploitability

The CVSS score of 5.5 suggests moderate risk. The EPSS score of less than 1% indicates a very low probability of exploitation, and the vulnerability is not listed in CISA KEV, indicating limited or no known exploitation. The attack vector is likely remote or local, depending on whether a crafted BEEP packet can be presented to a running Wireshark instance; the exploit requires no special privileges and results only in an application crash and loss of availability.

Generated by OpenCVE AI on May 4, 2026 at 13:55 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later, which removes the buffer overflow in the BEEP dissector.
  • If an upgrade is not immediately possible, disable the BEEP protocol dissector temporarily to prevent the crash from occurring.
  • Implement policy controls that restrict untrusted network traffic from being fed into Wireshark until the upgrade is applied.

Generated by OpenCVE AI on May 4, 2026 at 13:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1286
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Stack-based Buffer Overflow in Wireshark
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:50:22.346Z

Reserved: 2026-04-17T15:06:42.676Z

Link: CVE-2026-6538

cve-icon Vulnrichment

Updated: 2026-04-30T12:50:19.211Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:41.227

Modified: 2026-05-01T18:15:37.547

Link: CVE-2026-6538

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:38:34Z

Links: CVE-2026-6538 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T14:00:20Z

Weaknesses