CVE-2026-7376
Denial of Service in Sharkd
Publication date: 2026-04-30
Last updated on: 2026-05-06
Assigner: GitLab Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.4.0 (inc) to 4.4.15 (exc) |
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.5 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7376 is a vulnerability in the Wireshark Sharkd utility affecting versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. It is caused by a NULL pointer dereference when the comment parameter in the setcomment JSON-RPC method is omitted. The comment parameter is optional, but the code does not check for NULL before calling strlen on it, so a request without it crashes the sharkd process with a segmentation fault.
This crash can be triggered by sending a single malformed JSON-RPC request with the comment parameter missing, causing the sharkd service to crash due to improper error handling.
How can this vulnerability impact me?
This vulnerability can cause a denial of service by crashing the sharkd component of Wireshark when it receives a specially crafted JSON-RPC request. This crash disrupts the normal operation of the service, potentially affecting network analysis or monitoring tasks that rely on sharkd.
Although no known exploits exist, an attacker with the ability to send crafted JSON requests could trigger this crash, leading to service unavailability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by monitoring for crashes in the Wireshark sharkd utility, especially when it processes JSON-RPC requests.
Specifically, the crash occurs when a malformed JSON-RPC request omits the comment parameter in the setcomment method, leading to a NULL pointer dereference.
Detection could involve capturing and analyzing JSON-RPC traffic to sharkd for requests missing the comment parameter or malformed JSON files.
While no explicit commands are provided in the resources, one could use network traffic analysis tools (like tcpdump or Wireshark itself) to filter JSON-RPC traffic to sharkd and inspect for missing parameters.
- Use tcpdump to capture traffic on the port used by sharkd: tcpdump -i <interface> port <sharkd_port> -w capture.pcap
- Analyze the capture with Wireshark to filter JSON-RPC requests and check for missing 'comment' parameters in setcomment method calls.
- Monitor sharkd logs or crash reports for segmentation faults or AddressSanitizer SEGV errors indicating a NULL pointer dereference.
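The traffic check described above, as an added example that is not from the advisory or the Wireshark project: it scans JSON-RPC request payloads already extracted from a capture and flags setcomment calls that carry no string comment, plus lines that do not parse. The one-request-per-line framing, the frame field, the status method and all sample requests are assumptions constructed for illustration.

```python
import json

# Constructed sample payloads, one JSON-RPC request per line (assumed framing).
SAMPLE_REQUESTS = [
    '{"jsonrpc":"2.0","id":1,"method":"status"}',
    '{"jsonrpc":"2.0","id":2,"method":"setcomment","params":{"frame":3,"comment":"retransmission"}}',
    '{"jsonrpc":"2.0","id":3,"method":"setcomment","params":{"frame":3}}',
    '{"jsonrpc":"2.0","id":4,"method":"setcomment","params":{"frame":',
]

MISSING = "setcomment without a string comment"
MALFORMED = "malformed JSON"


def find_suspicious_requests(lines):
    """Return (line_number, reason) for each request worth investigating."""
    findings = []
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue  # blank separator lines carry no request
        try:
            req = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((lineno, MALFORMED))
            continue
        if not isinstance(req, dict) or req.get("method") != "setcomment":
            continue  # only setcomment is relevant to this CVE
        params = req.get("params")
        # Flag the condition the advisory describes: comment omitted.
        # A non-string value (for example null) is flagged too, as a
        # conservative extension that the advisory does not mention.
        if not isinstance(params, dict) or not isinstance(params.get("comment"), str):
            findings.append((lineno, MISSING))
    return findings


if __name__ == "__main__":
    for lineno, reason in find_suspicious_requests(SAMPLE_REQUESTS):
        print(f"line {lineno}: {reason}")
```

A hit on a host running a fixed version (4.6.5 or 4.4.15 and later) is informational only; on an affected version it should be correlated with sharkd crash reports.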
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to upgrade Wireshark to versions 4.6.5 or 4.4.15 or later, where the vulnerability has been fixed.
The fix involves adding a NULL check before calling strlen on the comment parameter, preventing the crash.
Until the upgrade can be applied, consider restricting access to the sharkd service to trusted clients only, to reduce the risk of receiving malformed JSON-RPC requests.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of the CVE-2026-7376 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.