Description
Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory leak in the Wireshark daemon component known as sharkd. When processing certain network captures, memory allocations accumulate without proper deallocation, eventually exhausting system resources and causing the daemon to terminate. The failure to release allocated memory is a classic example of CWE-401, leading to a denial of service. The Affected packages run as a background service, so an attacker could potentially trigger the leak by manipulating packet streams or by simply running the service for an extended period. The data indicates that the leak leads to a crash or reboot of the process, thus interrupting traffic capture or analysis.

Affected Systems

The affected systems are Wireshark Foundation Wireshark. The vulnerability exists in all releases of Wireshark 4.6.0 through 4.6.4 as well as 4.4.0 through 4.4.14.

Risk and Exploitability

CVSS score is 5.5, placing it in the medium severity class. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, indicating that widespread exploitation evidence is currently lacking. Nonetheless, because the flaw consumes heap memory indefinitely, an attacker who can maintain a persistent session with the daemon or force it to process crafted data could force the process to exhaust memory and crash. The likely attack vector therefore involves local or remote operation of the sharkd service, as the description does not specify a specific interface. In environments where the service is exposed to untrusted input, the risk is higher.

Generated by OpenCVE AI on April 30, 2026 at 13:54 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later to apply the official memory leak fix.
  • If an upgrade is not immediately possible, disable or restrict the sharkd daemon so it does not process untrusted input, or deploy it within a confined environment with limited memory resources.
  • Monitor memory usage of Wireshark processes for abnormal growth and schedule regular restarts or apply operating‑system limits (ulimit) to prevent prolonged crashes.

Generated by OpenCVE AI on April 30, 2026 at 13:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 05:30:00 +0000

Type Values Removed Values Added
Description Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Missing Release of Memory after Effective Lifetime in Wireshark
Weaknesses CWE-401
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T15:21:14.812Z

Reserved: 2026-04-29T07:34:21.218Z

Link: CVE-2026-7379

cve-icon Vulnrichment

Updated: 2026-04-30T14:47:50.563Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-30T06:16:17.333

Modified: 2026-04-30T15:13:14.230

Link: CVE-2026-7379

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses