SB2026043061 - Multiple vulnerabilities in Wireshark



SB2026043061 - Multiple vulnerabilities in Wireshark

Published: April 30, 2026 Updated: April 30, 2026

Security Bulletin ID SB2026043061
CSH Severity
High
Patch available
YES
Number of vulnerabilities 43
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 5% Medium 95%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 43 vulnerabilities.


1) Input validation error (CVE-ID: CVE-2026-6870)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the GSM RP protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a crafted packet trace file.


2) Input validation error (CVE-ID: CVE-2026-6869)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the WebSocket protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or trick the victim into opening a malformed packet trace file to cause a denial of service.

User interaction is required to open a crafted packet trace file.


3) Input validation error (CVE-ID: CVE-2026-6867)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the SMB2 protocol dissector when parsing malformed SMB2 packets or malformed packet trace files. A remote attacker can inject a malformed packet onto the wire or trick the victim into opening a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a malformed packet trace file.


4) Input validation error (CVE-ID: CVE-2026-6868)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the HTTP protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation uses a malformed packet trace file.


5) Resource exhaustion (CVE-ID: N/A)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in sharkd utility when handling requests. A remote attacker can send crafted requests to cause a denial of service.

The issue could leak memory and may also cause excessive CPU consumption.


6) Input validation error (CVE-ID: N/A)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in sharkd utility when handling requests. A remote attacker can send a crafted request to cause a denial of service.


7) Input validation error (CVE-ID: CVE-2026-6527)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in ASN.1 PER dissectors when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a crafted packet trace file.


8) Input validation error (CVE-ID: CVE-2026-6524)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the MySQL protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or trick the victim into opening a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a malformed packet trace file.


9) Infinite loop (CVE-ID: CVE-2026-6523)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an infinite loop in the GNW protocol dissector when processing a malformed packet or parsing a malformed packet trace file. A remote attacker can inject a malformed packet onto the wire or trick the victim into opening a malformed packet trace file to cause a denial of service.

User interaction is required to open a malformed packet trace file.


10) Input validation error (CVE-ID: N/A)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in sharkd utility when handling requests. A remote attacker can send a crafted request to cause a denial of service.


11) Infinite loop (CVE-ID: N/A)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper loop control in the UDS protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a crafted packet trace file.


12) Input validation error (CVE-ID: CVE-2026-6521)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the OpenFlow v5 protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or trick the victim into opening a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a crafted packet trace file.


13) Input validation error (CVE-ID: CVE-2026-6520)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the OpenFlow v6 protocol dissector when parsing a malformed packet or packet trace file. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation uses a crafted packet trace file.


14) Input validation error (CVE-ID: CVE-2026-6519)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in MBIM protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation uses a crafted packet trace file.


15) Infinite loop (CVE-ID: CVE-2026-6522)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an infinite loop in the RPKI-Router protocol dissector when parsing malformed packet data. A remote attacker can inject a malformed packet onto the wire or trick the victim into opening a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation uses a malformed packet trace file.


16) Input validation error (CVE-ID: CVE-2026-6528)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the TLS protocol dissector when parsing crafted TLS traffic. A remote attacker can supply malformed input to trigger an infinite loop to cause a denial of service.


17) Input validation error (CVE-ID: CVE-2026-6526)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the RTSP protocol dissector when parsing malformed RTSP packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a malformed packet trace file.


18) Input validation error (CVE-ID: CVE-2026-6525)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the IEEE 802.11 protocol dissector when parsing malformed packets or packet trace files. A remote attacker can inject a malformed packet onto the wire or convince a victim to open a malformed packet trace file to cause a denial of service.

User interaction is required when exploitation is performed via a crafted packet trace file.


19) Stack-based buffer overflow (CVE-ID: CVE-2026-5654)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the AMR-NB codec. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger stack-based buffer overflow and cause a denial of service condition on the target system.


20) Heap-based buffer overflow (CVE-ID: CVE-2026-6529)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the iLBC audio codec. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.


21) Heap-based buffer overflow (CVE-ID: CVE-2026-6530)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the DCP-ETSI protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.


22) Infinite loop (CVE-ID: CVE-2026-6531)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the SANE protocol dissector. A remote attacker can consume all available system resources and cause denial of service conditions.


23) Out-of-bounds read (CVE-ID: CVE-2026-6532)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the Kismet protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger an out-of-bounds read error and cause a denial of service condition on the system.


24) Improperly Controlled Sequential Memory Allocation (CVE-ID: CVE-2026-6533)

CWE-ID: CWE-1325 - Improperly Controlled Sequential Memory Allocation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly controlled sequential memory allocation within Dissection engine zlib decompression. A remote attacker can trick a victim to open a specially crafted packet trace file and perform a denial of service (DoS) attack.


25) Infinite loop (CVE-ID: CVE-2026-6534)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the USB HID protocol dissector. A remote attacker can perform a denial of service (DoS) attack.


26) Improperly Controlled Sequential Memory Allocation (CVE-ID: CVE-2026-6535)

CWE-ID: CWE-1325 - Improperly Controlled Sequential Memory Allocation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly controlled sequential memory allocation within Dissection engine zlib decompression. A remote attacker can perform a denial of service (DoS) attack.


27) Infinite loop (CVE-ID: CVE-2026-6536)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the DLMS/COSEM protocol dissector. A remote attacker can consume all available system resources and cause denial of service conditions.


28) Stack-based buffer overflow (CVE-ID: CVE-2026-6537)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the ZigBee protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger stack-based buffer overflow and cause a denial of service condition on the target system.


29) Stack-based buffer overflow (CVE-ID: CVE-2026-6538)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the BEEP protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger stack-based buffer overflow and cause a denial of service condition on the target system.


30) Heap-based buffer overflow (CVE-ID: CVE-2026-5653)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the DCP-ETSI protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.


31) Path traversal (CVE-ID: CVE-2026-5656)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the Configuration Profile import feature. A remote attacker can trick a victim to import a malformed configuration profile and write arbitrary files on the system, leading to arbitrary code execution.


32) Double free (CVE-ID: CVE-2026-5657)

CWE-ID: CWE-415 - Double Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the iLBC codec. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger double free error and cause a denial of service condition on the target system.


33) Use-after-free (CVE-ID: CVE-2026-5655)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the SDP protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file and perform a denial of service (DoS) attack.


34) Uncontrolled Recursion (CVE-ID: CVE-2026-5409)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite recursion in the Monero protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file and perform a denial of service (DoS) attack.


35) Heap-based buffer overflow (CVE-ID: CVE-2026-5405)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the RDP dissector. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.


36) Heap-based buffer overflow (CVE-ID: CVE-2026-5403)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SBC audio codec. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.


37) Stack-based buffer overflow (CVE-ID: CVE-2026-5404)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the K12 RF5 file parser. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger stack-based buffer overflow and cause a denial of service condition on the target system.


38) Heap-based buffer overflow (CVE-ID: CVE-2026-5402)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the TLS protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


39) Uncontrolled Recursion (CVE-ID: CVE-2026-5401)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite recursion in the AFP Spotlight protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file and perform a denial of service (DoS) attack.


40) Uncontrolled Recursion (CVE-ID: CVE-2026-5299)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite recursion in the ICMPv6 PvD protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file and perform a denial of service (DoS) attack.


41) Infinite loop (CVE-ID: CVE-2026-5407)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the SMB2 protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file and cause denial of service conditions.


42) Uncontrolled Recursion (CVE-ID: CVE-2026-5406)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite recursion in the FC-SWILS protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file and perform a denial of service (DoS) attack.


43) Uncontrolled Recursion (CVE-ID: CVE-2026-5408)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite recursion in the BT-DHT protocol dissector. A remote attacker can trick a victim to open a specially crafted packet trace file and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References