CVE-2026-5404

Exploit

EPSS 0.01%
Veröffentlicht 30.04.2026 23:04:08
Zuletzt bearbeitet 01.05.2026 19:22:11
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 4.4.0 < 4.4.15

Wireshark ≫ Wireshark Version >= 4.6.0 < 4.6.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
cve@gitlab.com	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.wireshark.org/security/wnpa-sec-2026-15.html

Vendor Advisory

https://gitlab.com/wireshark/wireshark/-/issues/21094

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-5404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5404

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5404