openSUSE-SU-2026:20685-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20685-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2026:20685-1
Upstream
Related
Published
2026-05-06T00:14:18Z
Modified
2026-05-09T18:29:26.093840Z
Summary
Security update for wireshark
Details

This update for wireshark fixes the following issues

  • CVE-2026-3201: missing limit checks in USB HID protocol dissector's parse_report_descriptor function can lead to memory exhaustion (bsc#1258907).
  • CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909).
  • CVE-2026-5299: ICMPv6 dissector crash (bsc#1263757).
  • CVE-2026-5401: AFP dissector crash (bsc#1263756).
  • CVE-2026-5403: SBC audio codec crash (bsc#1263765).
  • CVE-2026-5404: K12 RF5 file parser crash (bsc#1263766).
  • CVE-2026-5405: RDP dissector crash (bsc#1263767).
  • CVE-2026-5406: FC-SWILS dissector crash (bsc#1263754).
  • CVE-2026-5407: SMB2 dissector infinite loop (bsc#1263753).
  • CVE-2026-5408: BT-DHT dissector crash (bsc#1263752).
  • CVE-2026-5409: Monero dissector crash (bsc#1263751).
  • CVE-2026-5653: DCP-ETSI dissector crash (bsc#1263750).
  • CVE-2026-5654: AMR-NB audio codec crash (bsc#1263749).
  • CVE-2026-5656: Profile import crash and possible code execution (bsc#1263809).
  • CVE-2026-5657: iLBC audio codec crash (bsc#1263747).
  • CVE-2026-6519: MBIM protocol dissector infinite loop (bsc#1263746).
  • CVE-2026-6520: OpenFlow v6 protocol dissector infinite loop (bsc#1263745).
  • CVE-2026-6521: OpenFlow v5 protocol dissector infinite loops (bsc#1263744).
  • CVE-2026-6522: RPKI-Router protocol dissector infinite loop (bsc#1263743).
  • CVE-2026-6523: GNW protocol dissector infinite loop (bsc#1263742).
  • CVE-2026-6524: MySQL protocol dissector crash (bsc#1263741).
  • CVE-2026-6527: ASN.1 PER dissector crash (bsc#1263739).
  • CVE-2026-6529: iLBC audio codec crash (bsc#1263737).
  • CVE-2026-6530: DCP-ETSI protocol dissector crash (bsc#1263736).
  • CVE-2026-6531: SANE protocol dissector infinite loop (bsc#1263735).
  • CVE-2026-6532: Kismet protocol dissector crash (bsc#1263734).
  • CVE-2026-6533: Dissection engine LZ77 decompression crash (bsc#1263733).
  • CVE-2026-6534: USB HID dissector infinite loop (bsc#1263732).
  • CVE-2026-6535: Dissection engine zlib decompression crash (bsc#1263731).
  • CVE-2026-6537: ZigBee dissector crash (bsc#1263729).
  • CVE-2026-6538: BEEP dissector crash (bsc#1263728).
  • CVE-2026-6868: HTTP protocol dissector crash (bsc#1263762).
  • CVE-2026-6869: WebSocket protocol dissector crash (bsc#1263726).

Changes for wireshark:

  • Updated to 4.4.15
References

Affected packages