{"schema_version":"1.7.2","id":"OESA-2026-1545","modified":"2026-03-15T05:52:46Z","published":"2026-03-15T05:52:46Z","upstream":["CVE-2026-0959","CVE-2026-0960","CVE-2026-0961","CVE-2026-0962","CVE-2026-3201","CVE-2026-3203"],"summary":"wireshark security update","details":"Wireshark allows you to examine protocol data stored in files or as it is\ncaptured from wired or wireless (WiFi or Bluetooth) networks, USB devices,\nand many other sources.  It supports dozens of protocol capture file formats\nand understands more than a thousand protocols.\r\n\r\nSecurity Fix(es):\n\nWireshark is a widely used network protocol analyzer. In Wireshark versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12, there is an out-of-bounds write vulnerability in its IEEE 802.11 protocol dissector. An attacker can exploit this vulnerability by crafting a malicious network packet. During the parsing process, this triggers the vulnerability, causing the Wireshark process to crash, thereby achieving a denial of service attack.(CVE-2026-0959)\n\nWireshark is a widely used network protocol analyzer. In versions 4.6.0 to 4.6.2, a flaw exists in its HTTP3 protocol dissector. When processing network packets of a specific format, it enters an unreachable exit condition (infinite loop), causing the Wireshark process to hang or crash, resulting in a denial of service.(CVE-2026-0960)\n\nWireshark is a widely used network protocol analyzer. A vulnerability exists in the BLF file parser of Wireshark versions 4.6.0 to 4.6.2 and versions 4.4.0 to 4.4.12. An attacker can craft a malicious BLF file to trigger an out-of-bounds write in the parser, leading to a crash and resulting in a denial of service.(CVE-2026-0961)\n\nSOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service(CVE-2026-0962)\n\nUSB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service(CVE-2026-3201)\n\nRF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service(CVE-2026-3203)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"wireshark","purl":"pkg:rpm/openEuler/wireshark&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.14-1.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["wireshark-4.4.14-1.oe2403sp3.aarch64.rpm","wireshark-debuginfo-4.4.14-1.oe2403sp3.aarch64.rpm","wireshark-debugsource-4.4.14-1.oe2403sp3.aarch64.rpm","wireshark-devel-4.4.14-1.oe2403sp3.aarch64.rpm"],"noarch":["wireshark-help-4.4.14-1.oe2403sp3.noarch.rpm"],"src":["wireshark-4.4.14-1.oe2403sp3.src.rpm"],"x86_64":["wireshark-4.4.14-1.oe2403sp3.x86_64.rpm","wireshark-debuginfo-4.4.14-1.oe2403sp3.x86_64.rpm","wireshark-debugsource-4.4.14-1.oe2403sp3.x86_64.rpm","wireshark-devel-4.4.14-1.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1545"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0959"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0960"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0961"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0962"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3201"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3203"}],"database_specific":{"severity":"Medium"}}