CVE-2026-0962

5.3 MEDIUM

📋 TL;DR

A vulnerability in Wireshark's SOME/IP-SD protocol dissector causes crashes when processing malicious packets, leading to denial of service. This affects users running Wireshark versions 4.6.0-4.6.2 and 4.4.0-4.4.12 for network analysis or packet capture.

💻 Affected Systems

Products:
  • Wireshark
Versions: 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12
Operating Systems: All platforms running Wireshark (Windows, Linux, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Wireshark when analyzing SOME/IP-SD protocol traffic. The vulnerability is in the protocol dissector, not in network services.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Wireshark crashes repeatedly when analyzing malicious network traffic, preventing network analysis and potentially disrupting monitoring or troubleshooting workflows.

🟠 Likely Case

Wireshark crashes when encountering specially crafted SOME/IP-SD packets, requiring restart and potentially losing unsaved capture data.

🟢 If Mitigated

Minimal impact if Wireshark is not used for analyzing SOME/IP-SD traffic or if workarounds are implemented.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; it's an analysis tool that processes captured traffic.
🏢 Internal Only: MEDIUM - Internal users running vulnerable Wireshark versions for network analysis could experience crashes if malicious packets are present on monitored networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Requires sending malicious SOME/IP-SD packets that Wireshark analyzes.

Exploitation requires the attacker to inject malicious packets into network traffic that Wireshark is monitoring, or into capture files that it analyzes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Wireshark 4.6.3 and 4.4.13

Vendor Advisory: https://www.wireshark.org/security/wnpa-sec-2026-03.html

Restart Required: Yes

Instructions:

1. Download latest Wireshark from wireshark.org.
2. Install over existing version.
3. Restart Wireshark and any related services.

🔧 Temporary Workarounds

Disable SOME/IP-SD dissector

all

Prevent Wireshark from parsing SOME/IP-SD protocol to avoid crashes

Edit -> Preferences -> Protocols -> SOME/IP-SD -> Uncheck 'Enable SOME/IP-SD protocol'

Use capture filters

all

Filter out SOME/IP-SD traffic during capture to prevent exposure

Capture -> Options -> Capture Filter: not port 30490

🧯 If You Can't Patch

  • Restrict Wireshark use to trusted networks without SOME/IP-SD traffic
  • Monitor for Wireshark crashes and investigate network traffic when crashes occur

🔍 How to Verify

Check if Vulnerable:

Check Wireshark version via Help -> About Wireshark. If version is 4.6.0-4.6.2 or 4.4.0-4.4.12, you are vulnerable.

Check Version:

wireshark -v (Linux/macOS) or check Help -> About on Windows

Verify Fix Applied:

Verify Wireshark version is 4.6.3+ or 4.4.13+ after update.
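
The version check above, scripted so it can be run over version banners collected from many hosts. This is an added example, not part of the original advisory: the sample banners are constructed, and the affected ranges and fixed releases are the ones stated on this page.

```python
import re

# Affected ranges and fixed releases exactly as stated on this page.
# Keyed by (major, minor) release branch.
AFFECTED = {
    (4, 6): ((4, 6, 0), (4, 6, 2), "4.6.3"),
    (4, 4): ((4, 4, 0), (4, 4, 12), "4.4.13"),
}

# Matches "Wireshark 4.6.2 ..." and "TShark (Wireshark) 4.4.12 ...".
_VERSION_RE = re.compile(r"Wireshark\)?\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) as integers, or None if not found."""
    m = _VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(banner):
    """Classify a version banner as (status, fixed_release_or_None)."""
    version = parse_version(banner)
    if version is None:
        return ("unknown", None)
    branch = AFFECTED.get(version[:2])
    if branch is None:
        # This page lists only the 4.4 and 4.6 branches.
        return ("not-listed", None)
    low, high, fixed = branch
    # Integer tuples compare numerically, so 4.4.12 sorts above 4.4.9
    # (a plain string comparison would get that wrong).
    if low <= version <= high:
        return ("vulnerable", fixed)
    return ("fixed", None)


if __name__ == "__main__":
    # Constructed sample banners (first line of `wireshark -v` style output).
    samples = [
        "Wireshark 4.6.2 (v4.6.2-0-g0123456789ab).",
        "TShark (Wireshark) 4.4.12 (v4.4.12-0-g0123456789ab).",
        "Wireshark 4.4.13 (v4.4.13-0-g0123456789ab).",
        "Wireshark 4.2.5 (v4.2.5-0-g0123456789ab).",
    ]
    for banner in samples:
        print(assess(banner), banner)
```

A "not-listed" result means the branch is outside the ranges this page gives, not that it has been confirmed safe.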

📡 Detection & Monitoring

Log Indicators:

  • Wireshark crash logs
  • Application error events mentioning Wireshark

Network Indicators:

  • Malformed SOME/IP-SD packets on monitored networks
  • UDP port 30490 traffic with unusual patterns

SIEM Query:

(EventID=1000 OR EventID=1001) AND (ProcessName="wireshark.exe" OR "Wireshark")
