Description
ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a null pointer dereference in the ROHC protocol dissector of Wireshark 4.6.0 through 4.6.5 and 4.4.0 through 4.4.15. A malformed packet triggers the issue, causing the application to crash and become unavailable. This weakness is classified as CWE‑476 and does not provide remote code execution or information disclosure, but it can make the application non‑functional.

Affected Systems

All Wireshark installations running the affected versions—4.6.0 to 4.6.5 and 4.4.0 to 4.4.15—on any platform where the software is deployed are affected. The issue originates in the ROHC protocol dissector and is independent of the operating system.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA KEV. The most likely attack vector is an attacker who can force Wireshark to parse a malicious packet, such as by injecting crafted traffic that the application captures. This condition would lead to a denial of service that could disrupt monitoring or analysis activities.

Generated by OpenCVE AI on May 27, 2026 at 22:14 UTC.

Remediation

Vendor Solution

Upgrade to Wireshark 4.6.6 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.6 or newer. This is the official solution provided by the Wireshark Foundation.
  • If an upgrade is not immediately possible, temporarily disable the ROHC protocol dissector in Wireshark preferences to prevent crashes caused by malicious packets.
  • If the ROHC dissector cannot be disabled, restrict Wireshark to trusted networks or isolate it from untrusted sources using network segmentation and firewall rules.

Generated by OpenCVE AI on May 27, 2026 at 22:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Wed, 27 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
Title NULL Pointer Dereference in Wireshark
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-27T19:36:26.557Z

Reserved: 2026-05-27T18:16:39.521Z

Link: CVE-2026-9759

cve-icon Vulnrichment

Updated: 2026-05-27T19:36:21.604Z

cve-icon NVD

Status : Received

Published: 2026-05-27T20:16:46.797

Modified: 2026-05-27T20:16:46.797

Link: CVE-2026-9759

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T01:45:03Z

Weaknesses