Description
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL pointer dereference occurs in Wireshark’s sharkd daemon in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14, causing the daemon to crash and thereby interrupting packet capture or analysis services. This failure results in a denial of service to legitimate users of the daemon and any services that depend on it. The weakness exemplifies a classic null dereference (CWE‑476) and reaches a reachable assertion vulnerability (CWE‑617). Based on the description, it is inferred that an attacker could trigger the crash by sending specially crafted packets to the daemon, as the crash occurs during packet processing.

Affected Systems

Wireshark Foundation’s Wireshark product, specifically the 4.6.0‑4.6.4 range and the 4.4.0‑4.4.14 range, is impacted when the sharkd service is in operation. Users running these vulnerable versions and exposing the daemon to network traffic are susceptible to the crash.

Risk and Exploitability

The CVSS score of 5.5 categorizes the issue as moderate. The EPSS score is < 1%, indicating a low likelihood of widespread exploitation. The vulnerability has been publicly disclosed and a patch has been issued. Attackers can likely trigger the crash by sending crafted packets to the sharkd service from a remote host; local exploitation would also suffice. The bug is not listed in CISA’s KEV catalog, suggesting no known active exploitation at the time of this analysis. Based on the description, it is inferred that the attacker’s vector is remote packet injection.

Generated by OpenCVE AI on May 2, 2026 at 00:24 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or newer to eliminate the vulnerable code paths.
  • If an upgrade cannot be performed immediately, restrict or block external access to the sharkd service or disable the daemon until the patch is applied.
  • Monitor system logs for unexpected crashes and apply the update promptly; consider disabling any unsupported plugins that might invoke sharkd until the issue is resolved.

Generated by OpenCVE AI on May 2, 2026 at 00:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 30 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 05:30:00 +0000

Type Values Removed Values Added
Description Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title NULL Pointer Dereference in Wireshark
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-06T15:26:25.819Z

Reserved: 2026-04-29T07:34:06.177Z

Link: CVE-2026-7376

cve-icon Vulnrichment

Updated: 2026-05-05T16:07:43.059Z

cve-icon NVD

Status : Modified

Published: 2026-04-30T06:16:17.053

Modified: 2026-05-06T16:16:12.250

Link: CVE-2026-7376

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:04:10Z

Links: CVE-2026-7376 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T00:30:16Z

Weaknesses