7.5
CVE-2026-3201
- EPSS 0.18%
- Veröffentlicht 25.02.2026 14:35:50
- Zuletzt bearbeitet 26.02.2026 14:49:01
- Quelle cve@gitlab.com
- CVE-Watchlists
- Unerledigt
Improperly Controlled Sequential Memory Allocation in Wireshark
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.081 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| cve@gitlab.com | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-1325 Improperly Controlled Sequential Memory Allocation
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://www.wireshark.org/security/wnpa-sec-2026-05.html
https://gitlab.com/wireshark/wireshark/-/issues/20972