CVE-2026-15174 in Wireshark
Summary
by MITRE • 07/09/2026
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/09/2026
The vulnerability resides in the Catapult DCT2000 protocol dissector within Wireshark versions ranging from 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16, presenting a critical denial of service risk that can be exploited by remote attackers. This issue manifests when the dissector encounters malformed or specially crafted network packets containing Catapult DCT2000 protocol data structures, leading to unexpected application crashes and system unresponsiveness. The flaw represents a classic buffer overflow condition where insufficient input validation allows malicious packet content to overwrite memory regions beyond allocated boundaries. According to the CWE catalog, this corresponds to CWE-121: Stack-based Buffer Overflow, which occurs when data is written beyond the bounds of a stack-allocated buffer during protocol parsing operations.
The operational impact of this vulnerability extends beyond simple service disruption as it enables attackers to remotely crash Wireshark instances running vulnerable versions, effectively preventing network analysis and monitoring capabilities. Network administrators and security professionals who rely on Wireshark for traffic inspection and forensic analysis face significant operational risks when this vulnerability is exploited, particularly in environments where continuous monitoring is critical. The attack surface includes any network administrator or analyst who might unknowingly open a malicious packet capture file containing Catapult DCT2000 protocol data, or who captures such packets during network monitoring activities. This vulnerability aligns with ATT&CK technique T1498: Network Denial of Service within the adversary tactics framework, as it enables the disruption of network analysis capabilities through service interruption.
Mitigation strategies involve immediate patching to versions of Wireshark that have addressed this specific buffer overflow condition in the Catapult DCT2000 dissector. Users should upgrade to Wireshark version 4.4.17 or 4.6.7, which contain the necessary fixes for proper input validation and memory boundary checking during protocol parsing. Additionally, network security teams should implement packet filtering rules that identify and block suspicious Catapult DCT2000 protocol traffic patterns when such traffic is not expected in their network environments. The underlying technical fix involves implementing robust bounds checking and input sanitization within the dissector code to prevent buffer overflows when processing malformed protocol data structures. Organizations should also consider implementing network segmentation and access controls to limit exposure to potentially malicious packet capture files, particularly those obtained from untrusted sources or external networks where such traffic patterns might not be expected.