{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0962", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-01-14T20:14:11.634Z", "datePublished": "2026-01-14T20:23:38.829Z", "dateUpdated": "2026-01-14T21:11:23.281Z"}, "containers": {"cna": {"title": "Out-of-bounds Write in Wireshark", "descriptions": [{"lang": "en", "value": "SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected", "lessThan": "4.6.3", "versionType": "semver"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20945", "name": "GitLab Issue #20945", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.3 or above"}], "credits": [{"lang": "en", "value": "Fatih \u00c7elik", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-01-14T20:23:38.829Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-14T21:11:03.243903Z", "id": "CVE-2026-0962", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T21:11:23.281Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0962", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-14T21:11:03.243903Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T21:11:14.667Z"}}], "cna": {"title": "Out-of-bounds Write in Wireshark", "credits": [{"lang": "en", "type": "finder", "value": "Fatih \u00c7elik"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0", "lessThan": "4.6.3", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.3 or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20945", "name": "GitLab Issue #20945", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-01-14T20:23:38.829Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0962", "state": "PUBLISHED", "dateUpdated": "2026-01-14T21:11:23.281Z", "dateReserved": "2026-01-14T20:14:11.634Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-01-14T20:23:38.829Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"}], "id": "CVE-2026-0962", "lastModified": "2026-01-14T21:15:53.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-01-14T21:15:53.217", "references": [{"source": "[email protected]", "url": "https://gitlab.com/wireshark/wireshark/-/issues/20945"}, {"source": "[email protected]", "url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "Wireshark: Wireshark: Denial of Service via SOME/IP-SD protocol dissector crash", "id": "2429764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429764"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in Wireshark. A remote attacker could entice a user to open a specially crafted packet capture file. This action would trigger a crash in the SOME/IP-SD protocol dissector, leading to a Denial of Service (DoS) for the affected system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid opening untrusted capture files or analyzing untrusted live network traffic with Wireshark. Users should only process network data from known and trusted sources. If Wireshark is not actively used, consider removing the package to reduce the attack surface."}, "name": "CVE-2026-0962", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-14T20:23:38Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0962\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0962\nhttps://gitlab.com/wireshark/wireshark/-/issues/20945\nhttps://www.wireshark.org/security/wnpa-sec-2026-03.html"], "statement": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in the Wireshark SOME/IP-SD protocol dissector can lead to a denial of service. Exploitation requires user interaction, as a victim must open a specially crafted packet trace file or capture malicious network traffic. Impact is limited to systems where Wireshark is installed and actively used to process untrusted network captures.", "threat_severity": "Moderate"}

{"created": "2026-01-15T08:03:17.160120+00:00", "updated": "2026-01-15T08:03:17.160149+00:00", "vendors": ["wireshark", "wireshark$PRODUCT$wireshark"]}