Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-6532

Summary
Assigner-GitLab
Assigner Org ID-ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At-30 Apr, 2026 | 05:36
Updated At-30 Apr, 2026 | 12:34
Rejected At-
Credits

Buffer Over-read in Wireshark

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitLab
Assigner Org ID:ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At:30 Apr, 2026 | 05:36
Updated At:30 Apr, 2026 | 12:34
Rejected At:
â–¼CVE Numbering Authority (CNA)
Buffer Over-read in Wireshark

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Affected Products
Vendor
Wireshark FoundationWireshark Foundation
Product
Wireshark
Default Status
unaffected
Versions
Affected
  • From 4.6.0 before 4.6.5 (semver)
  • From 4.4.0 before 4.4.15 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-126CWE-126: Buffer Over-read
Type: CWE
CWE ID: CWE-126
Description: CWE-126: Buffer Over-read
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade to version 4.6.5 or above

Configurations
Workarounds
Exploits
Credits
finder
Sharon Brizinov
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wireshark.org/security/wnpa-sec-2026-29.html
N/A
https://gitlab.com/wireshark/wireshark/-/issues/21129
issue-tracking
permissions-required
https://gitlab.com/wireshark/wireshark/-/issues/21128
issue-tracking
permissions-required
Hyperlink: https://www.wireshark.org/security/wnpa-sec-2026-29.html
Resource: N/A
Hyperlink: https://gitlab.com/wireshark/wireshark/-/issues/21129
Resource:
issue-tracking
permissions-required
Hyperlink: https://gitlab.com/wireshark/wireshark/-/issues/21128
Resource:
issue-tracking
permissions-required
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/wireshark/wireshark/-/work_items/21129
exploit
Hyperlink: https://gitlab.com/wireshark/wireshark/-/work_items/21129
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@gitlab.com
Published At:30 Apr, 2026 | 07:16
Updated At:01 May, 2026 | 18:16

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CPE Matches
Wireshark Foundation
wireshark
>>wireshark>>Versions from 4.4.0(inclusive) to 4.4.14(inclusive)
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>Versions from 4.6.0(inclusive) to 4.6.4(inclusive)
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-126Secondarycve@gitlab.com
CWE ID: CWE-126
Type: Secondary
Source: cve@gitlab.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.com/wireshark/wireshark/-/issues/21128cve@gitlab.com
Broken Link
https://gitlab.com/wireshark/wireshark/-/issues/21129cve@gitlab.com
Exploit
Issue Tracking
Third Party Advisory
https://www.wireshark.org/security/wnpa-sec-2026-29.htmlcve@gitlab.com
Vendor Advisory
https://gitlab.com/wireshark/wireshark/-/work_items/21129134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://gitlab.com/wireshark/wireshark/-/issues/21128
Source: cve@gitlab.com
Resource:
Broken Link
Hyperlink: https://gitlab.com/wireshark/wireshark/-/issues/21129
Source: cve@gitlab.com
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://www.wireshark.org/security/wnpa-sec-2026-29.html
Source: cve@gitlab.com
Resource:
Vendor Advisory
Hyperlink: https://gitlab.com/wireshark/wireshark/-/work_items/21129
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2026-0960
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 2.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2026 | 20:23
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-0961
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.59%
||
7 Day CHG~0.00%
Published-14 Jan, 2026 | 20:23
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write in Wireshark

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9780
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 06:30
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Initialization of a Variable in Wireshark

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWiresharkwireshark
CWE ID-CWE-456
Missing Initialization of a Variable
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2023-3648
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 5.20%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 06:16
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mismatched Memory Management Routines in Wireshark

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-762
Mismatched Memory Management Routines
CVE-2019-9209
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 66.80%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

Action-Not Available
Vendor-n/aCanonical Ltd.Wireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkubuntu_linuxdebian_linuxleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
CVE-2024-4855
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.6||LOW
EPSS-0.02% / 6.32%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 00:03
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in editcap

Use after free issue in editcap could cause denial of service via crafted capture file

Action-Not Available
Vendor-Wireshark FoundationFedora Project
Product-wiresharkfedoraeditcap
CWE ID-CWE-416
Use After Free
CVE-2024-11595
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.84%
||
7 Day CHG~0.00%
Published-21 Nov, 2024 | 09:30
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWiresharkwireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-8250
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.08%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 23:30
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Expired Pointer Dereference in Wireshark

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWiresharkwireshark
CWE ID-CWE-825
Expired Pointer Dereference
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4758
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.92%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 15:47
Updated-19 Sep, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in gpac/gpac

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

Action-Not Available
Vendor-GPAC
Product-gpacgpac/gpac
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2301
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.18%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 10:30
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in hpjansson/chafa

Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.

Action-Not Available
Vendor-chafa_projecthpjansson
Product-chafahpjansson/chafa
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-23130
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.88%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 18:17
Updated-08 Jan, 2026 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.

Action-Not Available
Vendor-iconicsMitsubishi Electric Iconics Digital SolutionsMitsubishi Electric Corporation
Product-hyper_historiangenesis64mc_works64GENESIS64MC Works64GENESIS32ICONICS Suite
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
  • Previous
  • 1
  • 2
  • Next
Details not found