CVE-2026-7376
Modified Modified - Updated After Analysis
Denial of Service in Sharkd

Publication date: 2026-04-30

Last updated on: 2026-05-06

Assigner: GitLab Inc.

Description
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7376
EUVD
EUVD-2026-26311
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.15 (exc)
wireshark wireshark From 4.6.0 (inc) to 4.6.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-7376 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-7376 is a vulnerability in the Wireshark Sharkd utility affecting versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. It is caused by a NULL pointer dereference when the comment parameter in the setcomment JSON-RPC method is omitted. Since the comment parameter is optional, the code does not properly check for NULL before calling strlen on it, leading to a crash (segmentation fault) of the sharkd process.

This crash can be triggered by sending a single malformed JSON-RPC request with the comment parameter missing, causing the sharkd service to crash due to improper error handling.

Impact Analysis

This vulnerability can cause a denial of service by crashing the sharkd component of Wireshark when it receives a specially crafted JSON-RPC request. This crash disrupts the normal operation of the service, potentially affecting network analysis or monitoring tasks that rely on sharkd.

Although no known exploits exist, an attacker with the ability to send crafted JSON requests could trigger this crash, leading to service unavailability.

Detection Guidance

The vulnerability can be detected by monitoring for crashes in the Wireshark sharkd utility, especially when it processes JSON-RPC requests.

Specifically, the crash occurs when a malformed JSON-RPC request omits the comment parameter in the setcomment method, leading to a NULL pointer dereference.

Detection could involve capturing and analyzing JSON-RPC traffic to sharkd for requests missing the comment parameter or malformed JSON files.

While no explicit commands are provided in the resources, one could use network traffic analysis tools (like tcpdump or Wireshark itself) to filter JSON-RPC traffic to sharkd and inspect for missing parameters.

  • Use tcpdump to capture traffic on the port used by sharkd: tcpdump -i <interface> port <sharkd_port> -w capture.pcap
  • Analyze the capture with Wireshark to filter JSON-RPC requests and check for missing 'comment' parameters in setcomment method calls.
  • Monitor sharkd logs or crash reports for segmentation faults or AddressSanitizer SEGV errors indicating a NULL pointer dereference.
Mitigation Strategies

The recommended immediate mitigation is to upgrade Wireshark to versions 4.6.5 or 4.4.15 or later, where the vulnerability has been fixed.

The fix involves adding a NULL check before calling strlen on the comment parameter, preventing the crash.

Until the upgrade can be applied, consider restricting access to the sharkd service to trusted clients only, to reduce the risk of receiving malformed JSON-RPC requests.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7376. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart