CVE-2026-15166 in Wireshark
Summary
by MITRE • 07/09/2026
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/09/2026
The vulnerability involves a critical flaw in Wireshark's IEEE 802.11 protocol dissector that can lead to denial of service conditions affecting versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16. This issue stems from improper handling of malformed or specially crafted IEEE 802.11 frames during packet analysis, creating a scenario where the dissector crashes when processing certain network traffic patterns. The flaw manifests when Wireshark attempts to parse wireless frames that contain invalid field values or unexpected frame structures, leading to memory corruption and subsequent application termination.
The technical implementation of this vulnerability aligns with CWE-121, which describes heap-based buffer overflow conditions, and CWE-125, addressing out-of-bounds read errors. The dissector fails to validate input parameters properly before attempting to process IEEE 802.11 frame headers, particularly in the handling of management frames and control frames that may contain variable-length fields. When encountering malformed frame contents, the dissector's parsing logic does not include adequate bounds checking or error recovery mechanisms, causing it to access memory locations outside the intended buffer boundaries.
From an operational impact perspective, this vulnerability creates significant risks for network monitoring and forensic analysis activities. Network administrators and security analysts who rely on Wireshark for wireless traffic inspection face potential service disruption when processing maliciously crafted packets or when encountering certain legitimate but improperly formatted wireless frames. The denial of service condition effectively prevents the application from continuing normal packet analysis operations, potentially interrupting critical network troubleshooting, incident response, or security monitoring tasks.
The attack vector typically involves capturing and analyzing specific IEEE 802.11 frames that contain malformed headers or unexpected field values within management or control frames. Attackers could leverage this vulnerability by injecting specially crafted wireless traffic into the network or by manipulating captured packets to trigger the dissector crash. This vulnerability directly maps to ATT&CK technique T1499.003, which involves network denial of service attacks through manipulation of network protocols.
Mitigation strategies include immediate upgrading to Wireshark versions 4.6.7 or 4.4.17, which contain patches addressing the buffer overflow conditions in the IEEE 802.11 dissector. Organizations should also implement network monitoring solutions that can detect and filter suspicious wireless traffic patterns before they reach systems running vulnerable Wireshark versions. Additionally, administrators should consider deploying network segmentation strategies that limit exposure to potentially malicious wireless traffic and maintain regular backup procedures for network analysis environments that may be affected by such denial of service conditions.