CVE-2026-15171 in Wiresharkinfo

Summary

by MITRE • 07/09/2026

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/09/2026

The vulnerability involves a critical flaw in Wireshark's SSH protocol dissector that can lead to denial of service conditions across multiple versions including 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16. This issue stems from improper handling of malformed SSH packets during packet analysis, specifically when processing certain SSH protocol headers and payload structures that deviate from standard specifications.

The technical implementation flaw occurs within Wireshark's protocol dissector engine where insufficient input validation and error handling mechanisms exist for SSH protocol data parsing. When analyzing network traffic containing specially crafted malicious SSH packets, the dissector fails to properly manage memory allocation and processing flow, leading to application crashes and complete service unavailability. This vulnerability represents a classic case of improper input validation that aligns with CWE-20 weakness classification related to improper input validation.

The operational impact of this vulnerability extends beyond simple service disruption as it can affect network monitoring and analysis capabilities across enterprise environments. Security analysts and network administrators who rely on Wireshark for traffic inspection and forensic analysis face potential operational downtime when encountering malicious SSH traffic. The denial of service condition renders the entire Wireshark application unusable until manual restart is performed, potentially interrupting ongoing security investigations or network troubleshooting activities.

The vulnerability exploitation requires minimal prerequisites as attackers only need to capture or inject specific malformed SSH packets into the network traffic that Wireshark is monitoring. This makes the attack vector particularly concerning for environments where automated network monitoring systems rely on Wireshark for continuous analysis of network protocols. The flaw affects both live packet capture scenarios and offline analysis of previously captured network data files.

Mitigation strategies should include immediate version updates to Wireshark 4.6.7 or 4.4.17 which contain the necessary patches addressing this dissector crash vulnerability. Organizations should also consider implementing network segmentation and traffic filtering policies that limit exposure to potentially malicious SSH traffic. Additionally, security teams should establish monitoring procedures to detect unusual application behavior patterns that may indicate exploitation attempts.

This vulnerability demonstrates the importance of robust input validation in protocol analysis tools and aligns with ATT&CK technique T1499.004 related to network denial of service attacks. The flaw underscores the critical need for comprehensive testing of protocol dissector implementations against malformed inputs and highlights the potential for seemingly benign network traffic analysis tools to become attack vectors when proper error handling mechanisms are absent.

Responsible

GitLab

Reservation

07/08/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!