{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-9759", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-05-27T18:16:39.521Z", "datePublished": "2026-05-27T18:33:18.742Z", "dateUpdated": "2026-05-27T19:36:26.557Z"}, "containers": {"cna": {"title": "NULL Pointer Dereference in Wireshark", "descriptions": [{"lang": "en", "value": "ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected", "lessThan": "4.6.6", "versionType": "semver"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.16", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-476: NULL Pointer Dereference", "cweId": "CWE-476", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21243"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to Wireshark 4.6.6 or above"}], "credits": [{"lang": "en", "value": "Arjun Basnet @ Securin Labs", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-05-27T18:33:18.742Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-27T19:35:43.254414Z", "id": "CVE-2026-9759", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T19:36:26.557Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-9759", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-27T19:35:43.254414Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T19:36:21.604Z"}}], "cna": {"title": "NULL Pointer Dereference in Wireshark", "credits": [{"lang": "en", "type": "finder", "value": "Arjun Basnet @ Securin Labs"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0", "lessThan": "4.6.6", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.16", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to Wireshark 4.6.6 or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21243"}], "descriptions": [{"lang": "en", "value": "ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-05-27T18:33:18.742Z"}}}, "cveMetadata": {"cveId": "CVE-2026-9759", "state": "PUBLISHED", "dateUpdated": "2026-05-27T19:36:26.557Z", "dateReserved": "2026-05-27T18:16:39.521Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-05-27T18:33:18.742Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThan": "4.6.6", "status": "affected", "version": "4.6.0", "versionType": "semver"}, {"lessThan": "4.4.16", "status": "affected", "version": "4.4.0", "versionType": "semver"}]}], "source": "cve@gitlab.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EE37E9D-2C45-4E53-AC1F-698639E2DA41", "versionEndExcluding": "4.4.16", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F2DB88-ABDA-4A7F-93A2-9CB460F8FB59", "versionEndExcluding": "4.6.6", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service"}], "id": "CVE-2026-9759", "lastModified": "2026-06-17T11:05:38.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-9759", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-05-27T19:35:43.254414Z", "version": "2.0.3"}}]}, "published": "2026-05-27T20:16:46.797", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21243"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2026-51.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve@gitlab.com", "type": "Secondary"}]}

{"bugzilla": {"description": "wireshark: NULL Pointer Dereference in Wireshark", "id": "2482358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482358"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "If the ROHC protocol dissector is not being used, it can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissector when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"}, "name": "CVE-2026-9759", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T18:33:18Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-9759\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-9759\nhttps://gitlab.com/wireshark/wireshark/-/work_items/21243\nhttps://www.wireshark.org/security/wnpa-sec-2026-51.html"], "statement": "This issue will cause a crash in Wireshark with no other security impact. Also, this flaw can only be exploited when a malformed pcap file is processed. Due to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.6.0,4.6.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.16)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Wireshark", "source": "cna", "vendor": "Wireshark Foundation"}, "product": "wireshark", "vendor": "wireshark"}], "created": "2026-05-27T22:15:25.996828+00:00", "updated": "2026-05-28T01:45:03.321293+00:00", "vendors": ["wireshark", "wireshark$PRODUCT$wireshark"]}