Vulnerability CVE-2026-5299: Information

Description

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5299
Published: April 30, 2026
Modified: May 1, 2026
Error type identifier: CWE-674

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
wiresharksisyphus4.6.5-alt14.6.5-alt1ALT-PU-2026-7053-4416999Fixed
wiresharksisyphus_e2k4.6.5-alt14.6.5-alt1ALT-PU-2026-7283-1-Fixed
wiresharksisyphus_riscv644.6.5-alt14.6.5-alt1ALT-PU-2026-7475-1-Fixed
wiresharksisyphus_loongarch644.6.5-alt14.6.5-alt1ALT-PU-2026-7491-1-Fixed
wiresharkp114.6.5-alt14.6.5-alt1ALT-PU-2026-7055-3417000Fixed
wiresharkc10f24.6.5-alt14.6.5-alt1ALT-PU-2026-7057-4417002Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gitlab.com/wireshark/wireshark/-/issues/21077
  • Exploit
  • Issue Tracking
https://www.wireshark.org/security/wnpa-sec-2026-12.html
  • Vendor Advisory
BDU:2026-06402
      1. cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
        Start including
        4.4.0
        End including
        4.4.14
        cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
        Start including
        4.6.0
        End including
        4.6.4
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top