CVE-2026-5406
Received Received - Intake

FC-SWILS Protocol Dissector DoS in Wireshark

Vulnerability report for CVE-2026-5406, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-07-06
AI Q&A
2026-04-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.14 (inc)
wireshark wireshark From 4.6.0 (inc) to 4.6.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the FC-SWILS protocol dissector crash vulnerability (CVE-2026-5406) on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-5406 is a stack overflow vulnerability in the FC-SWILS protocol dissector of Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. It occurs because the dissector's function recursively processes nested zone set objects without limiting recursion depth, causing excessive stack consumption. This leads to a crash (segmentation fault) when Wireshark attempts to build the protocol tree for these packets.

The vulnerability is triggered by specially crafted packets that cause the dissector to recurse deeply, overflowing the stack and crashing the application.

Impact Analysis

This vulnerability can cause Wireshark to crash (denial of service) when processing maliciously crafted packets or packet trace files. An attacker could exploit this by injecting malformed packets or tricking a user into opening a malicious capture file, leading to application instability or interruption.

While it does not allow code execution or data compromise, the denial of service could disrupt network analysis or monitoring activities.

Detection Guidance

This vulnerability causes Wireshark to crash with a segmentation fault (SIGSEGV) when processing malformed FC-SWILS packets that contain excessively nested zone set objects.

To detect the vulnerability, you can run tshark with the -V flag on suspicious packet captures containing FC-SWILS traffic. The crash occurs when the protocol tree is built, which requires the -V option.

Example command to test for the crash on a capture file (replace capture.pcap with your file):

  • tshark -r capture.pcap -V

If tshark crashes with a segmentation fault during this command, it indicates the presence of the vulnerability triggered by malformed FC-SWILS packets.

Mitigation Strategies

The primary mitigation is to upgrade Wireshark to a fixed version where this vulnerability is resolved.

  • Upgrade Wireshark to version 4.6.5 or later if you are using the 4.6.x branch.
  • Upgrade Wireshark to version 4.4.15 or later if you are using the 4.4.x branch.

Avoid opening untrusted or suspicious packet capture files that may contain malformed FC-SWILS packets until the upgrade is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5406. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart