OESA-2026-1545

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1545
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1545.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1545
Upstream
Published
2026-03-15T05:52:46Z
Modified
2026-03-15T06:18:32.253821Z
Summary
wireshark security update
Details

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols.

Security Fix(es):

Wireshark is a widely used network protocol analyzer. In Wireshark versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12, there is an out-of-bounds write vulnerability in its IEEE 802.11 protocol dissector. An attacker can exploit this vulnerability with a crafted network packet: parsing the packet triggers the out-of-bounds write and crashes the Wireshark process, resulting in a denial of service. (CVE-2026-0959)

Wireshark is a widely used network protocol analyzer. In versions 4.6.0 to 4.6.2, a flaw exists in its HTTP3 protocol dissector. When processing network packets of a specific format, the dissector enters a loop with an unreachable exit condition (infinite loop), causing the Wireshark process to hang or crash and resulting in a denial of service. (CVE-2026-0960)

Wireshark is a widely used network protocol analyzer. A vulnerability exists in the BLF file parser of Wireshark versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12. An attacker can craft a malicious BLF file to trigger an out-of-bounds write in the parser, leading to a crash and resulting in a denial of service. (CVE-2026-0961)

SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service (CVE-2026-0962)

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service (CVE-2026-3201)

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service (CVE-2026-3203)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP3 / wireshark

Package

Name
wireshark
Purl
pkg:rpm/openEuler/wireshark&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.14-1.oe2403sp3

Ecosystem specific

{
    "aarch64": [
        "wireshark-4.4.14-1.oe2403sp3.aarch64.rpm",
        "wireshark-debuginfo-4.4.14-1.oe2403sp3.aarch64.rpm",
        "wireshark-debugsource-4.4.14-1.oe2403sp3.aarch64.rpm",
        "wireshark-devel-4.4.14-1.oe2403sp3.aarch64.rpm"
    ],
    "x86_64": [
        "wireshark-4.4.14-1.oe2403sp3.x86_64.rpm",
        "wireshark-debuginfo-4.4.14-1.oe2403sp3.x86_64.rpm",
        "wireshark-debugsource-4.4.14-1.oe2403sp3.x86_64.rpm",
        "wireshark-devel-4.4.14-1.oe2403sp3.x86_64.rpm"
    ],
    "noarch": [
        "wireshark-help-4.4.14-1.oe2403sp3.noarch.rpm"
    ],
    "src": [
        "wireshark-4.4.14-1.oe2403sp3.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-1545.json"