CVE-2026-6868
Received Received - Intake

HTTP Protocol Dissector Crash in Wireshark

Vulnerability report for CVE-2026-6868, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-07-06
AI Q&A
2026-04-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.15 (exc)
wireshark wireshark From 4.6.0 (inc) to 4.6.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-6868 is a vulnerability in Wireshark's HTTP protocol dissector that causes a crash due to a stack buffer overflow. The issue occurs when the HTTP dissector processes X.25 conversation paths and incorrectly accesses uninitialized memory, leading to out-of-bounds memory reads. This flaw happens in the dissect_http_tcp() function when it tries to access tcpinfo->flags without proper validation, resulting in a crash or memory corruption.

Impact Analysis

This vulnerability can cause Wireshark to crash when it processes specially crafted malformed packets or malicious packet trace files. An attacker could exploit this by sending malformed packets over the network or tricking a user into opening a malicious capture file, resulting in a denial of service (DoS) condition where Wireshark becomes unusable.

Detection Guidance

This vulnerability can be detected by analyzing network traffic or packet capture files using Wireshark's command-line tool tshark with a specially crafted malicious pcap file named poc_http_crash.pcapng.

Running tshark on this malicious pcap file triggers the vulnerability, causing a crash or AddressSanitizer stack-buffer-overflow error, which confirms the presence of the flaw.

Suggested command to test detection: tshark -r poc_http_crash.pcapng

Mitigation Strategies

To mitigate this vulnerability immediately, users should upgrade Wireshark to version 4.6.5, 4.4.15, or later where the issue has been fixed.

Avoid opening untrusted or suspicious packet capture files that could exploit this flaw.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6868. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart