Description
WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improperly controlled sequential memory allocation in Wireshark’s WebSocket protocol dissector. Parsing crafted WebSocket frames can trigger a buffer mismanagement that causes the application to crash, resulting in denial of service. The weakness is classified as CWE-1325 and CWE-237.

Affected Systems

Affected products are Wireshark from the Wireshark Foundation. Versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14 are impacted. Users running these builds should be aware that any traffic containing malicious WebSocket packets could destabilize the network analyzer.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of < 1% indicates a very low but non‑zero exploitation probability, suggesting limited publicly observable exploitation risk. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a malicious WebSocket payload sent over a network that Wireshark monitors, which would cause the dissector to crash. Because no remote code execution or elevated privileges are involved, the risk is confined to denial of service affecting the analyst’s environment rather than compromising the host system.

Generated by OpenCVE AI on May 4, 2026 at 14:41 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Apply the official update to Wireshark 4.6.5 or later.
  • If an upgrade cannot be performed immediately, disable the WebSocket protocol dissector in Wireshark’s preferences to prevent processing of potentially malicious frames.
  • Restrict Wireshark’s exposure to untrusted traffic sources, and consider isolating the analyst workstation in a controlled network segment.

Generated by OpenCVE AI on May 4, 2026 at 14:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-237
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Improperly Controlled Sequential Memory Allocation in Wireshark
Weaknesses CWE-1325
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:47:07.534Z

Reserved: 2026-04-22T16:29:28.863Z

Link: CVE-2026-6869

cve-icon Vulnrichment

Updated: 2026-04-30T12:26:08.830Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:41.470

Modified: 2026-05-01T18:15:10.147

Link: CVE-2026-6869

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:33:39Z

Links: CVE-2026-6869 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T14:45:02Z

Weaknesses