Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN466
_____________________________________________________________________

DATE                : 06/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running wireshark versions prior to
                              4.6.5, 4.4.15.

=====================================================================
https://www.wireshark.org/security/wnpa-sec-2026-14.html
https://www.wireshark.org/security/wnpa-sec-2026-09.html
https://www.wireshark.org/security/wnpa-sec-2026-34.html
https://www.wireshark.org/security/wnpa-sec-2026-45.html
https://www.wireshark.org/security/wnpa-sec-2026-46.html
https://www.wireshark.org/security/wnpa-sec-2026-44.html
https://www.wireshark.org/security/wnpa-sec-2026-43.html
https://www.wireshark.org/security/wnpa-sec-2026-42.html
https://www.wireshark.org/security/wnpa-sec-2026-41.html
https://www.wireshark.org/security/wnpa-sec-2026-40.html
https://www.wireshark.org/security/wnpa-sec-2026-39.html
https://www.wireshark.org/security/wnpa-sec-2026-37.html
https://www.wireshark.org/security/wnpa-sec-2026-36.html
https://www.wireshark.org/security/wnpa-sec-2026-35.html
https://www.wireshark.org/security/wnpa-sec-2026-30.html
https://www.wireshark.org/security/wnpa-sec-2026-33.html
https://www.wireshark.org/security/wnpa-sec-2026-29.html
https://www.wireshark.org/security/wnpa-sec-2026-26.html
https://www.wireshark.org/security/wnpa-sec-2026-24.html
https://www.wireshark.org/security/wnpa-sec-2026-17.html
https://www.wireshark.org/security/wnpa-sec-2026-12.html
https://www.wireshark.org/security/wnpa-sec-2026-11.html
_____________________________________________________________________

wnpa-sec-2026-14 · TLS dissector crash and possible code execution

Summary

Name: TLS dissector crash and possible code execution

Docid: wnpa-sec-2026-14

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4

Fixed versions: 4.6.5

References:

Wireshark issue 21090.
CVE-2026-5402.

Details
Description
The TLS dissector could crash and possibly execute untrusted code.

Impact
Discovered by Duc Anh Nguyen. We are unaware of any exploits for this
issue. It may be possible to make Wireshark crash or execute untrusted
code by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 4.6.5 or later.

_____________________________________________________________________

wnpa-sec-2026-09 · BT-DHT dissector crash

Summary

Name: BT-DHT dissector crash

Docid: wnpa-sec-2026-09

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21067.
CVE-2026-5408.

Details
Description

The BT-DHT dissector could crash.

Impact
Discovered by Brendan Coles. We are unaware of any exploits for this
issue.
It may be possible to make Wireshark crash consume excessive CPU
resources by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 4.6.5, 4.4.15 or later.
_____________________________________________________________________

wnpa-sec-2026-34 · ASN.1 PER dissector crash

Summary

Name: ASN.1 PER dissector crash

Docid: wnpa-sec-2026-34

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21149.
CVE-2026-6527.

Details
Description

Protocol dissectors that use ASN.1 PER encoding could crash.

Impact
Discovered by Alexandre de Oliveira. We are unaware of any exploits
for this issue. It may be possible to make Wireshark crash by
injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 4.6.5, 4.4.15 or later.
_____________________________________________________________________

wnpa-sec-2026-45 · SMB2 protocol dissector crash

Summary

Name: SMB2 protocol dissector crash

Docid: wnpa-sec-2026-45

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21191.
CVE-2026-6867.

Details
Description

The SMB2 protocol dissector could crash.

Impact

Discovered by Alexandre de Oliveira. We are unaware of any exploits for
this issue. It may be possible to make Wireshark crash or consume
excessive resources by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.
_____________________________________________________________________

wnpa-sec-2026-46 · HTTP protocol dissector crash

Summary

Name: HTTP protocol dissector crash

Docid: wnpa-sec-2026-46

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21185.
CVE-2026-6868.

Details

Description

The HTTP protocol dissector could crash.

Impact

Discovered by Sharon Brizinov. We are unaware of any exploits for
this issue. It may be possible to make Wireshark crash by injecting
a malformed packet onto the wire or by convincing someone to read
a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-44 · WebSocket protocol dissector crash

Summary

Name: WebSocket protocol dissector crash

Docid: wnpa-sec-2026-44

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21190.
CVE-2026-6869.

Details
Description

The WebSocket protocol dissector could crash.

Impact

Discovered by Alexandre de Oliveira. We are unaware of any exploits
for this issue. It may be possible to make Wireshark crash or consume
excessive resources by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-43 · GSM RP protocol dissector crash

Summary

Name: GSM RP protocol dissector crash

Docid: wnpa-sec-2026-43

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21189.
CVE-2026-6870.

Details
Description

The GSM RP protocol dissector could crash.

Impact

Discovered by Sharon Brizinov. We are unaware of any exploits for this
issue. It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-42 · RPKI-Router protocol dissector infinite loop

Summary

Name: RPKI-Router protocol dissector infinite loop

Docid: wnpa-sec-2026-42

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21186.
CVE-2026-6522.


Details

Description

The RPKI-Router protocol dissector could go into an infinite loop.

Impact

Discovered by Sharon Brizinov. We are unaware of any exploits for this
issue. It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.


Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-41 · MBIM protocol dissector infinite loop

Summary

Name: MBIM protocol dissector infinite loop

Docid: wnpa-sec-2026-41

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21184.
CVE-2026-6519.


Details
Description

The MBIM protocol dissector could go into an infinite loop.

Impact

Discovered by Sharon Brizinov. We are unaware of any exploits for this
issue. It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-40 · OpenFlow v6 protocol dissector infinite loop

Summary

Name: OpenFlow v6 protocol dissector infinite loop

Docid: wnpa-sec-2026-40

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21181.
CVE-2026-6520.

Details
Description

The OpenFlow v6 protocol dissector could go into an infinite loop.


Impact

Discovered by Sharon Brizinov. We are unaware of any exploits for this
issue. It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.


Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-39 · OpenFlow v5 protocol dissector infinite loops

Summary

Name: OpenFlow v5 protocol dissector infinite loops

Docid: wnpa-sec-2026-39

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21182.
Wireshark issue 21188.
CVE-2026-6521.

Details
Description

The OpenFlow v5 protocol dissector could go into an infinite loop.


Impact

Discovered by Sharon Brizinov. We are unaware of any exploits for this
issue. It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.


Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-37 · MySQL protocol dissector crash

Summary

Name: MySQL protocol dissector crash

Docid: wnpa-sec-2026-37

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21172.
CVE-2026-6524.
Details
Description

The MySQL protocol dissector could crash.
Impact

Discovered by Alexandre de Oliveira. We are unaware of any exploits
for this issue. It may be possible to make Wireshark crash by injecting
a malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.


Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.
_____________________________________________________________________

wnpa-sec-2026-36 · IEEE 802.11 protocol dissector crash

Summary

Name: IEEE 802.11 protocol dissector crash

Docid: wnpa-sec-2026-36

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4

Fixed versions: 4.6.5

References:

Wireshark issue 21008.
CVE-2026-6525.

Details
Description

The IEEE 802.11 protocol dissector could crash.

Impact

Discovered by Nils Bagge. We are unaware of any exploits for this issue.
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 4.6.5 or later.

_____________________________________________________________________

wnpa-sec-2026-35 · RTSP protocol dissector crash

Summary

Name: RTSP protocol dissector crash

Docid: wnpa-sec-2026-35

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4

Fixed versions: 4.6.5

References:

Wireshark issue 21173.
CVE-2026-6526.

Details
Description

The RTSP protocol dissector could crash.

Impact

Discovered by Alexandre de Oliveira. We are unaware of any exploits for
this issue. It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5 or later.
_____________________________________________________________________

wnpa-sec-2026-30 · SANE protocol dissector infinite loop

Summary

Name: SANE protocol dissector infinite loop

Docid: wnpa-sec-2026-30

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21139.
CVE-2026-6531.

Details

Description

The SANE protocol dissector could go into an infinite loop.

Impact
_____________________________________________________________________

wnpa-sec-2026-33 · TLS protocol dissector infinite loop

Summary

Name: TLS protocol dissector infinite loop

Docid: wnpa-sec-2026-33

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4

Fixed versions: 4.6.5

References:

Wireshark issue 21151.
Wireshark issue 21147.
CVE-2026-6528.

Details
Description

The TLS protocol dissector could go into an infinite loop.

Impact
_____________________________________________________________________

wnpa-sec-2026-29 · Kismet protocol dissector crash

Summary

Name: Kismet protocol dissector crash

Docid: wnpa-sec-2026-29

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21129.
Wireshark issue 21128.
CVE-2026-6532.

Details
Description

The Kismet protocol dissector could crash.

Impact

Discovered by Sharon Brizinov. We are unaware of any exploits for this
issue. It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-26 · Dissection engine zlib decompression crash

Summary

Name: Dissection engine zlib decompression crash

Docid: wnpa-sec-2026-26

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21097.
Wireshark issue 21098.
CVE-2026-6535.

Details
Description

The zlib decompressor in Wireshark's dissection engine could crash.

Impact
_____________________________________________________________________

wnpa-sec-2026-24 · ZigBee dissector crash

Summary

Name: ZigBee dissector crash

Docid: wnpa-sec-2026-24

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21125.
CVE-2026-6537.

Details
Description

The ZigBee protocol dissector could crash.

Impact

Discovered by Duc Anh Nguyen. We are unaware of any exploits for this
issue. It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.


Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-17 · RDP dissector crash

Summary

Name: RDP dissector crash

Docid: wnpa-sec-2026-17

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21105.
CVE-2026-5405.

Details
Description

The RDP dissector could crash and possibly execute arbitrary code.

Impact

Discovered by Duc Anh Nguyen. We are unaware of any exploits for this
issue. It may be possible to make Wireshark crash and possibly execute
arbitrary code by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.


Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-12 · ICMPv6 dissector crash

Summary

Name: ICMPv6 dissector crash

Docid: wnpa-sec-2026-12

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21077.
CVE-2026-5299.

Details
Description

The ICMPv6 protocol dissector could crash.

Impact

Discovered by Brendan Coles. We are unaware of any exploits for this
issue. It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.

_____________________________________________________________________

wnpa-sec-2026-11 · SMB2 dissector infinite loop

Summary

Name: SMB2 dissector infinite loop

Docid: wnpa-sec-2026-11

Date: April 29, 2026

Affected versions: 4.6.0 to 4.6.4, 4.4.0 to 4.4.14

Fixed versions: 4.6.5, 4.4.15

References:

Wireshark issue 21073.
CVE-2026-5407.

Details
Description

The SMB2 protocol dissector could go into an infinite loop.

Impact

Discovered by Brendan Coles. We are unaware of any exploits for
this issue. It may be possible to make Wireshark consume
excessive CPU resources by injecting a malformed packet onto
the wire or by convincing someone to read a malformed packet
trace file.

Resolution

Upgrade to Wireshark 4.6.5, 4.4.15 or later.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================