CVE-2026-5657
iLBC Codec Crash in Wireshark Denial of Service
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: GitLab Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.4.0 (inc) to 4.4.14 (inc) |
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is a version inventory check: any Wireshark installation from 4.4.0 through 4.4.14 or from 4.6.0 through 4.6.4 is affected, as listed in the affected-products table above. Check the installed version on each host with `wireshark --version` or `tshark --version`, or through the package manager (for example `dpkg -l 'wireshark*'` on Debian-based systems or `rpm -q wireshark` on RPM-based ones), and compare the result against those ranges.
A crash of Wireshark on exit after it has decoded or played iLBC RTP streams from a live capture or a PCAP file is a symptom of this bug, but a crash only shows that the bug has already been triggered; it is not a detection method.
The advisory itself provides no detection commands; the version checks above are the standard approach.
How can this vulnerability impact me?
The impact is a denial of service: Wireshark terminates unexpectedly. An attacker could trigger it by injecting malformed iLBC RTP packets into traffic that the user is capturing, or by tricking the user into opening a malicious packet trace file.
No exploits are known at the time of publication, and the consequence is disruption of the analysis tool rather than data compromise.
Can you explain this vulnerability to me?
The vulnerability in Wireshark's iLBC codec is a double free (CWE-415) caused by an ownership mistake in the codec's release function: `codec_iLBC_release()` frees a pointer that its caller then frees again. Freeing the same allocation twice corrupts the allocator's bookkeeping, and modern allocators such as glibc's often detect this and abort the process, which is the crash observed when Wireshark is closed after processing certain iLBC RTP streams.
The crash can be triggered by loading a specially crafted PCAP file containing malformed iLBC packets (or capturing such traffic live) and then closing Wireshark. In general a double free can sometimes be escalated beyond a crash, but the reported impact here is denial of service.
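The ownership mistake described above, as an added illustrative example in C. This is not Wireshark's code: `codec_ctx_t`, `codec_release_vuln()`, `codec_release_fixed()` and the tracking allocator are assumptions made for this example. In the vulnerable pattern the release callback and its caller both believe they own the context, so it is freed twice; in the fixed pattern exactly one side owns the context and the callback nulls what it frees. A small tracking allocator stands in for the heap so that the second free is counted instead of corrupting the process.

```c
#include <stddef.h>
#include <stdlib.h>

/*
 * Added example of a double free (CWE-415) in a codec release callback.
 * All names here are illustrative assumptions; none are Wireshark's.
 */

#define MAX_LIVE 16

/* Registry of live allocations. A real double free is undefined behaviour
 * and would corrupt the heap; here it is detected and counted instead. */
static void *live[MAX_LIVE];
static int double_frees;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == NULL) { live[i] = p; return p; }
    }
    free(p);                 /* registry full: refuse rather than lose track */
    return NULL;
}

/* Returns 1 if p was live and is now released, 0 if this was a double free. */
static int tracked_free(void *p)
{
    if (p == NULL) return 1;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == p) { live[i] = NULL; free(p); return 1; }
    }
    double_frees++;          /* p is not live: second free of the same address */
    return 0;
}

/* Number of allocations still outstanding (0 means no leak). */
static int live_count(void)
{
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) if (live[i] != NULL) n++;
    return n;
}

/* Hypothetical codec context: the decoder state is owned by the context. */
typedef struct {
    unsigned char *state;
} codec_ctx_t;

static codec_ctx_t *codec_init(void)
{
    codec_ctx_t *ctx = tracked_malloc(sizeof *ctx);
    ctx->state = tracked_malloc(64);
    return ctx;
}

/* Vulnerable pattern: the release callback frees the context itself,
 * but the caller that allocated the context frees it again afterwards. */
static void codec_release_vuln(void *arg)
{
    codec_ctx_t *ctx = arg;
    tracked_free(ctx->state);
    tracked_free(ctx);       /* first free of ctx */
}

/* Returns the number of double frees the vulnerable sequence causes (1). */
static int run_vulnerable_scenario(void)
{
    double_frees = 0;
    codec_ctx_t *ctx = codec_init();
    codec_release_vuln(ctx);
    tracked_free(ctx);       /* caller's free: second free of ctx, CWE-415 */
    return double_frees;
}

/* Fixed pattern: a single owner. The callback releases only what the
 * context owns and nulls the pointer, so a repeated release is harmless;
 * the caller frees the context exactly once. */
static void codec_release_fixed(void *arg)
{
    codec_ctx_t *ctx = arg;
    tracked_free(ctx->state);
    ctx->state = NULL;
}

/* Returns the number of double frees the fixed sequence causes (0). */
static int run_fixed_scenario(void)
{
    double_frees = 0;
    codec_ctx_t *ctx = codec_init();
    codec_release_fixed(ctx);
    codec_release_fixed(ctx); /* idempotent thanks to the NULL assignment */
    tracked_free(ctx);        /* the one and only free of the context */
    return double_frees;
}
```

Which side should free the context is an API contract question; the fix is to make that contract explicit so there is exactly one owner, and to null out pointers after freeing so a repeated release cannot free them again. The actual change made in Wireshark may be structured differently from this illustration.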
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Wireshark to version 4.6.5, 4.4.15, or later, where the vulnerability has been fixed.
Until the upgrade is applied, avoid opening or playing PCAP files containing iLBC RTP streams from untrusted sources to prevent triggering the crash.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of the CVE-2026-5657 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.