CVE-2026-5404

MEDIUM

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark

Title source: cna
STIX 2.1

Description

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

References (2)

Scores

CVSS v3 4.7
EPSS 0.0001
EPSS Percentile 2.1%
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (2)
Wireshark Foundation/Wireshark 4.4.0 - 4.4.15
Wireshark Foundation/Wireshark 4.6.0 - 4.6.5
Published Apr 30, 2026
Tracked Since May 01, 2026