
CVE-2026-0962: CWE-787: Out-of-bounds Write in Wireshark Foundation Wireshark

Medium
Type: Vulnerability
Tags: CVE-2026-0962, cve, cve-2026-0962, cwe-787
Published: Wed Jan 14 2026 (01/14/2026, 20:23:38 UTC)
Source: CVE Database V5
Vendor/Project: Wireshark Foundation
Product: Wireshark

Description

SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

AI-Powered Analysis

Last updated: 01/14/2026, 20:47:06 UTC

Technical Analysis

CVE-2026-0962 is an out-of-bounds write vulnerability classified under CWE-787 found in the SOME/IP-SD protocol dissector of Wireshark versions 4.4.0 to 4.4.12 and 4.6.0 to 4.6.2. SOME/IP (Scalable service-Oriented MiddlewarE over IP) is a protocol commonly used in automotive and industrial communication systems. The vulnerability arises when Wireshark processes malformed SOME/IP-SD packets, leading to an out-of-bounds write that causes the application to crash. This crash results in a denial of service, disrupting the availability of Wireshark for packet analysis. The CVSS 3.1 score of 5.3 reflects a medium severity with network attack vector, high attack complexity, no privileges required, and user interaction necessary (e.g., opening a crafted capture file). The vulnerability does not impact confidentiality or integrity but affects availability. No known exploits have been reported in the wild, and no official patches have been linked at the time of publication. The flaw is significant for environments relying on Wireshark for network troubleshooting and security monitoring, especially where SOME/IP traffic is analyzed. Attackers could exploit this by sending malicious SOME/IP-SD packets to analysts or by tricking users into opening crafted capture files, causing Wireshark to crash and interrupting network analysis workflows.

Potential Impact

For European organizations, the primary impact is the denial of service of Wireshark during network analysis, which can hinder incident response and network troubleshooting activities. This disruption could delay detection and mitigation of other security incidents. Industries heavily using SOME/IP, such as automotive manufacturers and suppliers, industrial control systems, and telecommunications, may be more affected due to the protocol’s prevalence. The inability to reliably analyze network traffic could reduce situational awareness and increase operational risk. However, since the vulnerability does not allow code execution or data compromise, the direct risk to confidentiality and integrity is low. The medium severity rating reflects the moderate operational impact rather than a critical security breach. Organizations relying on Wireshark for compliance monitoring or forensic investigations may face challenges if the tool becomes unstable or unusable during critical events.

Mitigation Recommendations

1. Monitor Wireshark Foundation announcements and promptly apply patches once available to address CVE-2026-0962.
2. Until patches are released, avoid opening untrusted or suspicious capture files containing SOME/IP-SD traffic.
3. Implement network segmentation and filtering to limit exposure to SOME/IP-SD traffic from untrusted sources, especially in environments where Wireshark is used.
4. Use alternative packet analysis tools or offline analysis methods that do not process SOME/IP-SD traffic if immediate patching is not possible.
5. Educate network analysts and security teams about the risk of crafted SOME/IP-SD packets causing crashes and encourage cautious handling of capture files.
6. Employ intrusion detection systems to monitor for anomalous SOME/IP-SD traffic patterns that could indicate exploitation attempts.
7. Maintain regular backups and incident response plans to quickly recover from potential disruptions caused by this vulnerability.
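One way to act on recommendations 2 and 4 is to triage a capture without loading it into a dissector at all. The sketch below is an added example, not code from Wireshark or from this page: it walks a classic pcap file and reports frames that look like SOME/IP-SD. The UDP port 30490 and message ID 0xFFFF8100 come from the SOME/IP-SD specification rather than this advisory, the function names are hypothetical, and only untagged Ethernet/IPv4 frames are handled.

```python
import struct

SD_PORT = 30490                      # default SOME/IP-SD UDP port; deployments may differ
SD_MESSAGE_ID = b"\xff\xff\x81\x00"  # Service ID 0xFFFF + Method ID 0x8100

def find_someip_sd(pcap: bytes) -> list:
    """Return 1-based frame numbers that look like SOME/IP-SD (classic pcap, Ethernet, IPv4)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    hits, off, number = [], 24, 0
    while off + 16 <= len(pcap):
        # Per-record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        number += 1
        if looks_like_sd(frame):
            hits.append(number)
    return hits

def looks_like_sd(frame: bytes) -> bool:
    """True for an untagged IPv4/UDP frame on the SD port or carrying the SD message ID."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return False
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:  # 17 = UDP
        return False
    udp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", udp[:4])
    return SD_PORT in (sport, dport) or udp[8:12] == SD_MESSAGE_ID

def build_pcap(datagrams) -> bytes:
    """Constructed sample input: wrap (sport, dport, payload) tuples as Ethernet/IPv4/UDP."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport, payload in datagrams:
        udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    sample = build_pcap([(40000, SD_PORT, SD_MESSAGE_ID + b"\x00" * 12),
                         (53000, 53, b"dns"), (5000, 5001, SD_MESSAGE_ID + b"\x00" * 12)])
    print("frames to quarantine:", find_someip_sd(sample))
```

A capture with any hits can be held back from affected Wireshark installs until the tool is updated; an empty result only means no SOME/IP-SD was seen on the default port or with the standard message ID in untagged IPv4 frames.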


Technical Details

Data Version: 5.2
Assigner Short Name: GitLab
Date Reserved: 2026-01-14T20:14:11.634Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6967fd6ff809b25a98440578

Added to database: 1/14/2026, 8:32:47 PM

Last enriched: 1/14/2026, 8:47:06 PM

Last updated: 1/14/2026, 9:37:54 PM

