{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0959", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-01-14T20:13:56.850Z", "datePublished": "2026-01-14T20:23:28.986Z", "dateUpdated": "2026-01-14T21:18:44.677Z"}, "containers": {"cna": {"title": "Out-of-bounds Write in Wireshark", "descriptions": [{"lang": "en", "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected", "lessThan": "4.6.3", "versionType": "semver"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20939", "name": "GitLab Issue #20939", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.3 or above"}], "credits": [{"lang": "en", "value": "OSS-Fuzz", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-01-14T20:23:28.986Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-14T21:18:08.229135Z", "id": "CVE-2026-0959", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T21:18:44.677Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0959", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-14T21:18:08.229135Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T21:18:22.360Z"}}], "cna": {"title": "Out-of-bounds Write in Wireshark", "credits": [{"lang": "en", "type": "finder", "value": "OSS-Fuzz"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0", "lessThan": "4.6.3", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.3 or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20939", "name": "GitLab Issue #20939", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-01-14T20:23:28.986Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0959", "state": "PUBLISHED", "dateUpdated": "2026-01-14T21:18:44.677Z", "dateReserved": "2026-01-14T20:13:56.850Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-01-14T20:23:28.986Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "16FECE03-940B-47CD-895B-7D9485F05357", "versionEndExcluding": "4.4.13", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "60A9FC59-FB67-46A7-9A4B-EE8FCC8CE24A", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"}], "id": "CVE-2026-0959", "lastModified": "2026-01-21T18:44:54.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-14T21:15:52.753", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20939"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{"bugzilla": {"description": "Wireshark: Wireshark: Denial of service via IEEE 802.11 protocol dissector crash", "id": "2429766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429766"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in Wireshark. A remote attacker could exploit a crash in the IEEE 802.11 protocol dissector by crafting a malicious network packet. This vulnerability leads to a denial of service, making the Wireshark application unavailable."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, users should avoid opening untrusted or suspicious packet capture files with Wireshark. Limiting the use of Wireshark to trusted environments and only processing network traffic from known sources can reduce the risk of exploitation."}, "name": "CVE-2026-0959", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-14T20:23:28Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0959\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0959\nhttps://gitlab.com/wireshark/wireshark/-/issues/20939\nhttps://www.wireshark.org/security/wnpa-sec-2026-02.html"], "statement": "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write flaw in the IEEE 802.11 protocol dissector of Wireshark can lead to a denial of service. Exploitation requires user interaction, as a malicious packet capture file must be opened, and has high attack complexity, limiting the overall impact.", "threat_severity": "Moderate"}

{"created": "2026-01-15T08:03:23.305132+00:00", "updated": "2026-01-15T08:03:23.305158+00:00", "vendors": ["wireshark", "wireshark$PRODUCT$wireshark"]}