{
  "threat_severity" : "Important",
  "public_date" : "2026-04-30T05:39:14Z",
  "bugzilla" : {
    "description" : "wireshark: Heap-based Buffer Overflow in Wireshark",
    "id" : "2464038",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2464038"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-122",
  "details" : [ "A flaw was found in the TLS protocol dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a heap-based buffer overflow, resulting in a denial of service or potentially in code execution." ],
  "statement" : "This issue will cause a crash in Wireshark and potentially result in code execution. This flaw can only be exploited when a malformed pcap file is processed. Due to these reasons, this vulnerability has been rated with an important severity.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-5402\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5402\nhttps://gitlab.com/wireshark/wireshark/-/issues/21090\nhttps://www.wireshark.org/security/wnpa-sec-2026-14.html" ],
  "name" : "CVE-2026-5402",
  "mitigation" : {
    "value" : "If the TLS protocol dissector is not being used, it can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissector when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html",
    "lang" : "en:us"
  },
  "csaw" : false
}