Denial of Service in Wireshark SSH Protocol Dissector
CVE-2026-15171

5.5MEDIUM

Key Information:

Vendor

Wireshark

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-15171?

A vulnerability in the SSH protocol dissector of Wireshark allows for a denial of service attack. Specifically, versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16 are impacted, where malformed SSH packets can cause the dissector to crash. This vulnerability can disrupt the functioning of the application, hindering users' ability to analyze network traffic effectively. It is crucial for users to upgrade to the latest versions to mitigate potential risks. Reference additional resources for more detailed insights on the vulnerability's implications.

Affected Version(s)

Wireshark 4.6.0 < 4.6.7

Wireshark 4.4.0 < 4.4.17

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dmitrijs Trizna
.