CVE-2026-7379
Received Received - Intake
Memory Leak in Sharkd Allows Denial of Service

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description
Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7379
EUVD
EUVD-2026-26313
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.15 (exc)
wireshark wireshark From 4.6.0 (inc) to 4.6.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The recommended immediate mitigation is to upgrade Wireshark to versions 4.6.5 or 4.4.15 or later, where this memory leak vulnerability has been fixed.

Until an upgrade can be applied, consider limiting or blocking access to the sharkd service to prevent repeated load requests that trigger the memory leak.

Executive Summary

CVE-2026-7379 is a memory leak vulnerability in the Sharkd utility of Wireshark, affecting versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.

The issue occurs in the cf_open function where previous capture file resources are not properly freed when a new capture file is loaded. This causes memory leaks of approximately 440 KB per load request.

An attacker can exploit this by sending repeated load requests via the sharkd socket, causing Sharkd to consume excessive memory and CPU resources, potentially leading to a denial-of-service condition.

No known exploits currently exist, and the recommended fix is to upgrade to Wireshark versions 4.6.5 or 4.4.15 or later.

Impact Analysis

This vulnerability can impact you by allowing an attacker to cause the Sharkd utility to consume excessive memory and CPU resources.

Repeated exploitation through load requests can lead to unbounded memory consumption, which may result in denial-of-service conditions where the affected system or service becomes unavailable or unstable.

Detection Guidance

The vulnerability involves a memory leak in the sharkd component of Wireshark, which can be detected by monitoring for excessive memory consumption or CPU usage by the sharkd process.

Detection can be performed by observing repeated load requests to the sharkd socket, which cause unbounded memory consumption.

Using tools like AddressSanitizer (ASAN) can help confirm memory leaks by showing direct and indirect memory leak reports.

  • Monitor sharkd process memory and CPU usage with commands like: `top`, `htop`, or `ps aux | grep sharkd`.
  • Check open network sockets related to sharkd with: `ss -lptn | grep sharkd` or `netstat -anp | grep sharkd`.
  • Use AddressSanitizer or similar memory debugging tools during testing to detect memory leaks.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7379. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart