Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Wireshark Denial-of-Service Vulnerability in USB HID Dissector
CVE-2026-3201
Summary
A flaw in Wireshark's USB HID protocol analyzer can cause the program to consume all available memory, leading to a denial-of-service. This affects Wireshark versions 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13. To fix the issue, update to Wireshark version 4.6.4 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wireshark | wireshark | > 4.4.0 , <= 4.4.14 | – |
| wireshark | wireshark | > 4.6.0 , <= 4.6.4 | – |
Original title
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
Original description
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
nvd CVSS3.1
7.5
Vulnerability type
CWE-1325
CWE-770
Allocation of Resources Without Limits
- https://gitlab.com/wireshark/wireshark/-/issues/20972 Exploit Issue Tracking Third Party Advisory
- https://www.wireshark.org/security/wnpa-sec-2026-05.html Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026