Wireshark
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*
- >= 4.6.0, <= 4.6.2
- >= 4.4.0, <= 4.4.12
A denial-of-service vulnerability has been identified in Wireshark versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12. The issue arises in the IEEE 802.11 protocol dissector, where a stack-buffer-overflow can be triggered by processing malformed packet data. This flaw was discovered by OSS-Fuzz and can cause Wireshark to crash.
Successful exploitation triggers the stack-buffer-overflow and crashes the Wireshark application, resulting in a denial of service.
The vulnerability can be reproduced by using Wireshark to open a packet capture file that contains malformed IEEE 802.11 packets. An attacker can trigger it either by injecting such packets onto a network that Wireshark is capturing or by supplying a crafted packet trace file that exercises the dissector's handling of tagged parameters.
Users can upgrade to Wireshark versions 4.6.3, 4.4.13 or later to address this vulnerability.
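As an added triage helper (not part of the advisory or of the Wireshark project), the following script checks a locally reported Wireshark/TShark version against the two affected ranges above and names the fixed release to move to. The version strings in the test are constructed for illustration; the `tshark --version` invocation and its output format are an assumption about the local install.

```python
"""Determine whether an installed Wireshark release is in the affected ranges
listed in this advisory (4.6.0-4.6.2 and 4.4.0-4.4.12) and, if so, which fixed
release (4.6.3 or 4.4.13) to upgrade to."""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed) per release branch, from the advisory.
AFFECTED_RANGES = [
    ((4, 6, 0), (4, 6, 2), (4, 6, 3)),
    ((4, 4, 0), (4, 4, 12), (4, 4, 13)),
]


def parse_version(text: str) -> Optional[Version]:
    """Extract the first X.Y.Z version number from free text such as the
    banner printed by `tshark --version` (assumed format, e.g.
    'TShark (Wireshark) 4.6.1 (...)'). Returns None if no version is found."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        return None
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def assess(version: Version) -> Optional[Version]:
    """Return the fixed release to upgrade to if `version` is affected,
    otherwise None. Tuple comparison gives correct ordering for 4.4.9 < 4.4.12
    where naive string comparison would not."""
    for first_affected, last_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version <= last_affected:
            return first_fixed
    return None


def installed_version(binary: str = "tshark") -> Optional[Version]:
    """Run `<binary> --version` (assumed to exist on PATH) and parse its banner.
    Returns None if the binary is missing or produces no parsable version."""
    try:
        proc = subprocess.run(
            [binary, "--version"], capture_output=True, text=True, timeout=10
        )
    except (OSError, subprocess.TimeoutExpired):
        return None
    return parse_version(proc.stdout)


def report(version: Optional[Version]) -> str:
    """Human-readable verdict for a parsed version (None means not found)."""
    if version is None:
        return "Wireshark/TShark version could not be determined"
    fixed = assess(version)
    label = ".".join(map(str, version))
    if fixed is None:
        return f"Wireshark {label} is not in an affected range"
    return f"Wireshark {label} is affected; upgrade to {'.'.join(map(str, fixed))} or later"


if __name__ == "__main__":
    print(report(installed_version()))
```

The branch boundaries matter: 4.5.x development builds and 4.4.13/4.6.3 fall outside both ranges and are reported as unaffected, which is why the comparison is done on integer tuples rather than on strings.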