Wireshark Security Update: Denial of Service Risk

OESA-2026-1546
Summary

Wireshark, a network traffic analysis tool, has received security updates to prevent denial of service attacks. These attacks could freeze or crash the application, disrupting network analysis. To ensure security, update your Wireshark installation to the latest version as soon as possible.

What to do
  • Update wireshark to version 3.6.14-13.oe2003sp4.
Affected software
Vendor | Product | Affected versions | Fix available
– | wireshark | <= 3.6.14-13.oe2003sp4 | 3.6.14-13.oe2003sp4
Original title
wireshark security update
Original description
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.

Security Fix(es):

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service (CVE-2025-11626)

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service due to access of uninitialized pointer (CVE-2025-13499)

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service (CVE-2025-13946)

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allow denial of service via packet injection or crafted capture file (CVE-2025-5601)
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026