—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Wireshark

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

Wireshark versions 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Overview

Multiple vulnerabilities have been reported in reported in Wireshark, which could allow an attacker to cause denial of service conditions on the targeted system.

Target Audience:

All end-user organizations and individuals using Wireshark.

Risk Assessment:

High risk of denial-of-service conditions and/or remote code execution.

Impact Assessment:

Potential for denial of service and/or remote code execution.

Description

Wireshark is a network protocol analyzer used to capture and inspect data packets in real time for troubleshooting, analysis, and security purposes.

Multiple vulnerabilities have been reported in Wireshark due to improper handling of malformed packets in various protocol dissectors and components, leading to crashes, infinite loops, memory leaks, and potential code execution. An attacker could exploit these vulnerabilities to cause denial of service by exhausting system resources and potentially execute arbitrary code on the targeted system.

Successful exploitation of these vulnerabilities could allow an attacker to trigger denial of service condition and potentially execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.wireshark.org/security/wnpa-sec-2026-08.html

https://www.wireshark.org/security/wnpa-sec-2026-09.html

https://www.wireshark.org/security/wnpa-sec-2026-10.html

https://www.wireshark.org/security/wnpa-sec-2026-11.html

https://www.wireshark.org/security/wnpa-sec-2026-12.html

https://www.wireshark.org/security/wnpa-sec-2026-13.html

https://www.wireshark.org/security/wnpa-sec-2026-14.html

https://www.wireshark.org/security/wnpa-sec-2026-15.html

https://www.wireshark.org/security/wnpa-sec-2026-16.html

https://www.wireshark.org/security/wnpa-sec-2026-17.html

https://www.wireshark.org/security/wnpa-sec-2026-18.html

https://www.wireshark.org/security/wnpa-sec-2026-19.html

https://www.wireshark.org/security/wnpa-sec-2026-20.html

https://www.wireshark.org/security/wnpa-sec-2026-21.html

https://www.wireshark.org/security/wnpa-sec-2026-22.html

https://www.wireshark.org/security/wnpa-sec-2026-23.html

https://www.wireshark.org/security/wnpa-sec-2026-24.html

https://www.wireshark.org/security/wnpa-sec-2026-25.html

https://www.wireshark.org/security/wnpa-sec-2026-26.html

https://www.wireshark.org/security/wnpa-sec-2026-27.html

https://www.wireshark.org/security/wnpa-sec-2026-28.html

https://www.wireshark.org/security/wnpa-sec-2026-29.html

https://www.wireshark.org/security/wnpa-sec-2026-30.html

https://www.wireshark.org/security/wnpa-sec-2026-31.html

https://www.wireshark.org/security/wnpa-sec-2026-32.html

https://www.wireshark.org/security/wnpa-sec-2026-33.html

https://www.wireshark.org/security/wnpa-sec-2026-34.html

https://www.wireshark.org/security/wnpa-sec-2026-35.html

https://www.wireshark.org/security/wnpa-sec-2026-36.html

https://www.wireshark.org/security/wnpa-sec-2026-37.html

https://www.wireshark.org/security/wnpa-sec-2026-38.html

https://www.wireshark.org/security/wnpa-sec-2026-39.html

https://www.wireshark.org/security/wnpa-sec-2026-40.html

https://www.wireshark.org/security/wnpa-sec-2026-41.html

https://www.wireshark.org/security/wnpa-sec-2026-42.html

https://www.wireshark.org/security/wnpa-sec-2026-43.html

https://www.wireshark.org/security/wnpa-sec-2026-44.html

https://www.wireshark.org/security/wnpa-sec-2026-45.html

https://www.wireshark.org/security/wnpa-sec-2026-46.html

https://www.wireshark.org/security/wnpa-sec-2026-47.html

https://www.wireshark.org/security/wnpa-sec-2026-48.html

https://www.wireshark.org/security/wnpa-sec-2026-49.html

https://www.wireshark.org/security/wnpa-sec-2026-50.html

Vendor Information

Wireshark

https://www.wireshark.org/

References

 

https://www.wireshark.org/security/

CVE Name

CVE-2026-5409

CVE-2026-5408

CVE-2026-5406

CVE-2026-5407

CVE-2026-5299

CVE-2026-5401

CVE-2026-5402

CVE-2026-5404

CVE-2026-5403

CVE-2026-5405

CVE-2026-5654

CVE-2026-5655

CVE-2026-5657

CVE-2026-5656

CVE-2026-5653

CVE-2026-6538

CVE-2026-6537

CVE-2026-6536

CVE-2026-6535

CVE-2026-6534

CVE-2026-6533

CVE-2026-6532

CVE-2026-6531

CVE-2026-6530

CVE-2026-6529

CVE-2026-6528

CVE-2026-6527

CVE-2026-6526

CVE-2026-6525

CVE-2026-6524

CVE-2026-6523

CVE-2026-6521

CVE-2026-6520

CVE-2026-6519

CVE-2026-6522

CVE-2026-6870

CVE-2026-6869

CVE-2026-6867

CVE-2026-6868

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmn5+lgACgkQ3jCgcSdc

ys87XA/9HYoQjNelJM1tWJGlst+2EAXTyrpzxCSXROVkfeBjH0oL6ieqZ6KnaM/K

yd1bcUn7M0z283GunUyF0t9AyjLs7+WLT/2vT4y3gJNYFt+vEEHvCqFLAF02lBKD

xrsIP/qnqbeEb3/NctHPirZPla+2JvJG31Ld6EH+clMbiU0kW3mlDd3jKUwrEoMB

Om7X4spHtJlVUo5W68+W0BXxeVf/sE3gnADP6s6tGbBBl2IfKlzZRc2ZtjrZfDDe

VyN6DAZH5vUtMoZp3yqAnOkiR7ria7voY8UxhFDvX7XLB22ihX9cuYLYMyICg1M2

O8nkW3XMWQyrY6rFmdhUHH81boimVQXnBlLSUMmpzVbVJUrW/s21B24h15hqbUq/

bzOxkuc5smMPxI29VHxjH5P/Cwe9gXZ5Bj7GI1Cb50BILDs/oZUNNu28Ij+uFvcG

brHUvqh3ilcpTmF9zF4dxfg7VJ2FKTTh9YjtuknWiCN/wHerPIxVCI8RG5LENwCe

oOuQbm0oRYbwkHoyYrQuGTwTZxD9LzzICnsuvjXjCXz9tFtoq63dCfOCfHWVhQ2c

jf5BeBT586v1VLhedqIOApTEtPvF3mmEnjuOdcq+UjJyABpxrgzmBqr3GE/wqPYa

odMemL3ISgOJEqtD7I3Mx6uBhZqLtgstJaPXsonAByOYWVZAVE0=

=eXiM

—–END PGP SIGNATURE—–