CVE-2026-15167 in Wiresharkinfo

Summary

by MITRE • 07/09/2026

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/09/2026

The vulnerability resides in the DBS Etherwatch file parser component of Wireshark, affecting versions ranging from 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16. This issue manifests as a denial of service condition that occurs when processing maliciously crafted DBS Etherwatch files, which are commonly used for network traffic analysis and monitoring purposes within enterprise environments. The flaw represents a classic buffer over-read scenario where the parser fails to properly validate input data structures before attempting to parse them, leading to unpredictable application behavior and system instability.

The technical implementation of this vulnerability stems from insufficient bounds checking within the DBS Etherwatch file format handler. When Wireshark encounters a malformed or specially crafted DBS Etherwatch file, the parser attempts to read memory locations beyond the allocated buffer boundaries, causing the application to crash or become unresponsive. This type of vulnerability aligns with CWE-129, which addresses insufficient validation of length fields, and CWE-787, concerning out-of-bounds write operations that can lead to application instability. The root cause lies in the parser's failure to properly validate the structure and size of incoming data before processing, creating an exploitable condition that adversaries can leverage for service disruption.

From an operational perspective, this vulnerability poses significant risk to network monitoring infrastructure that relies on Wireshark for traffic analysis. Security operations centers and network administrators who regularly process various types of network capture files may inadvertently trigger the crash when analyzing suspicious or malicious traffic samples. The denial of service impact extends beyond simple application termination, as it can disrupt ongoing network monitoring activities, potentially masking actual security incidents while the tool becomes unavailable. This vulnerability particularly affects environments where automated analysis systems process untrusted network data, creating potential attack vectors for adversaries seeking to disrupt network visibility capabilities.

The mitigation strategy involves immediate upgrading to Wireshark versions that have patched this vulnerability, specifically versions 4.4.17 and 4.6.7 or later. Network security teams should also implement defensive measures such as validating file sources before processing DBS Etherwatch files, implementing sandboxed environments for suspicious file analysis, and establishing monitoring protocols to detect application crashes or unresponsiveness. Organizations utilizing automated network analysis pipelines should consider implementing input validation checks that can identify malformed DBS Etherwatch files before they reach the vulnerable parser component. This vulnerability demonstrates the importance of proper input validation in network security tools and aligns with ATT&CK technique T1499.002, which covers network denial of service attacks through application instability, emphasizing the need for robust parsing logic in security tooling to prevent exploitation of such fundamental flaws that can compromise entire monitoring infrastructures.

Responsible

GitLab

Reservation

07/08/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!