Detections
Analytics
openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)
high Nessus Plugin ID 313625
Synopsis
The remote openSUSE host is missing one or more security updates.Description
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory.This update for wireshark fixes the following issues
- CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to memory exhaustion (bsc#1258907).
- CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909).
- CVE-2026-5299: ICMPv6 dissector crash (bsc#1263757).
- CVE-2026-5401: AFP dissector crash (bsc#1263756).
- CVE-2026-5403: SBC audio codec crash (bsc#1263765).
- CVE-2026-5404: K12 RF5 file parser crash (bsc#1263766).
- CVE-2026-5405: RDP dissector crash (bsc#1263767).
- CVE-2026-5406: FC-SWILS dissector crash (bsc#1263754).
- CVE-2026-5407: SMB2 dissector infinite loop (bsc#1263753).
- CVE-2026-5408: BT-DHT dissector crash (bsc#1263752).
- CVE-2026-5409: Monero dissector crash (bsc#1263751).
- CVE-2026-5653: DCP-ETSI dissector crash (bsc#1263750).
- CVE-2026-5654: AMR-NB audio codec crash (bsc#1263749).
- CVE-2026-5656: Profile import crash and possible code execution (bsc#1263809).
- CVE-2026-5657: iLBC audio codec crash (bsc#1263747).
- CVE-2026-6519: MBIM protocol dissector infinite loop (bsc#1263746).
- CVE-2026-6520: OpenFlow v6 protocol dissector infinite loop (bsc#1263745).
- CVE-2026-6521: OpenFlow v5 protocol dissector infinite loops (bsc#1263744).
- CVE-2026-6522: RPKI-Router protocol dissector infinite loop (bsc#1263743).
- CVE-2026-6523: GNW protocol dissector infinite loop (bsc#1263742).
- CVE-2026-6524: MySQL protocol dissector crash (bsc#1263741).
- CVE-2026-6527: ASN.1 PER dissector crash (bsc#1263739).
- CVE-2026-6529: iLBC audio codec crash (bsc#1263737).
- CVE-2026-6530: DCP-ETSI protocol dissector crash (bsc#1263736).
- CVE-2026-6531: SANE protocol dissector infinite loop (bsc#1263735).
- CVE-2026-6532: Kismet protocol dissector crash (bsc#1263734).
- CVE-2026-6533: Dissection engine LZ77 decompression crash (bsc#1263733).
- CVE-2026-6534: USB HID dissector infinite loop (bsc#1263732).
- CVE-2026-6535: Dissection engine zlib decompression crash (bsc#1263731).
- CVE-2026-6537: ZigBee dissector crash (bsc#1263729).
- CVE-2026-6538: BEEP dissector crash (bsc#1263728).
- CVE-2026-6868: HTTP protocol dissector crash (bsc#1263762).
- CVE-2026-6869: WebSocket protocol dissector crash (bsc#1263726).
Changes for wireshark:
- Updated to 4.4.15
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1258907
https://bugzilla.suse.com/1258909
https://bugzilla.suse.com/1263726
https://bugzilla.suse.com/1263728
https://bugzilla.suse.com/1263729
https://bugzilla.suse.com/1263731
https://bugzilla.suse.com/1263732
https://bugzilla.suse.com/1263733
https://bugzilla.suse.com/1263734
https://bugzilla.suse.com/1263735
https://bugzilla.suse.com/1263736
https://bugzilla.suse.com/1263737
https://bugzilla.suse.com/1263739
https://bugzilla.suse.com/1263741
https://bugzilla.suse.com/1263742
https://bugzilla.suse.com/1263743
https://bugzilla.suse.com/1263744
https://bugzilla.suse.com/1263745
https://bugzilla.suse.com/1263746
https://bugzilla.suse.com/1263747
https://bugzilla.suse.com/1263749
https://bugzilla.suse.com/1263750
https://bugzilla.suse.com/1263751
https://bugzilla.suse.com/1263752
https://bugzilla.suse.com/1263753
https://bugzilla.suse.com/1263754
https://bugzilla.suse.com/1263756
https://bugzilla.suse.com/1263757
https://bugzilla.suse.com/1263762
https://bugzilla.suse.com/1263765
https://bugzilla.suse.com/1263766
https://bugzilla.suse.com/1263767
https://bugzilla.suse.com/1263809
https://www.suse.com/security/cve/CVE-2026-3201
https://www.suse.com/security/cve/CVE-2026-3203
https://www.suse.com/security/cve/CVE-2026-5299
https://www.suse.com/security/cve/CVE-2026-5401
https://www.suse.com/security/cve/CVE-2026-5403
https://www.suse.com/security/cve/CVE-2026-5404
https://www.suse.com/security/cve/CVE-2026-5405
https://www.suse.com/security/cve/CVE-2026-5406
https://www.suse.com/security/cve/CVE-2026-5407
https://www.suse.com/security/cve/CVE-2026-5408
https://www.suse.com/security/cve/CVE-2026-5409
https://www.suse.com/security/cve/CVE-2026-5653
https://www.suse.com/security/cve/CVE-2026-5654
https://www.suse.com/security/cve/CVE-2026-5656
https://www.suse.com/security/cve/CVE-2026-5657
https://www.suse.com/security/cve/CVE-2026-6519
https://www.suse.com/security/cve/CVE-2026-6520
https://www.suse.com/security/cve/CVE-2026-6521
https://www.suse.com/security/cve/CVE-2026-6522
https://www.suse.com/security/cve/CVE-2026-6523
https://www.suse.com/security/cve/CVE-2026-6524
https://www.suse.com/security/cve/CVE-2026-6527
https://www.suse.com/security/cve/CVE-2026-6529
https://www.suse.com/security/cve/CVE-2026-6530
https://www.suse.com/security/cve/CVE-2026-6531
https://www.suse.com/security/cve/CVE-2026-6532
https://www.suse.com/security/cve/CVE-2026-6533
https://www.suse.com/security/cve/CVE-2026-6534
https://www.suse.com/security/cve/CVE-2026-6535
https://www.suse.com/security/cve/CVE-2026-6537
https://www.suse.com/security/cve/CVE-2026-6538
Plugin Details
Severity: High
ID: 313625
File Name: openSUSE-2026-20685-1.nasl
Version: 1.1
Type: Local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/10/2026
Updated: 5/10/2026
Supported Sensors: Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2026-6869
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2026-5656
Vulnerability Information
CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:wireshark, p-cpe:/a:novell:opensuse:wireshark-devel, p-cpe:/a:novell:opensuse:libwireshark18, p-cpe:/a:novell:opensuse:wireshark-ui-qt, p-cpe:/a:novell:opensuse:libwiretap15, p-cpe:/a:novell:opensuse:libwsutil16
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/6/2026
Vulnerability Publication Date: 10/8/2024
Reference Information
CVE: CVE-2026-3201, CVE-2026-3203, CVE-2026-5299, CVE-2026-5401, CVE-2026-5403, CVE-2026-5404, CVE-2026-5405, CVE-2026-5406, CVE-2026-5407, CVE-2026-5408, CVE-2026-5409, CVE-2026-5653, CVE-2026-5654, CVE-2026-5656, CVE-2026-5657, CVE-2026-6519, CVE-2026-6520, CVE-2026-6521, CVE-2026-6522, CVE-2026-6523, CVE-2026-6524, CVE-2026-6527, CVE-2026-6529, CVE-2026-6530, CVE-2026-6531, CVE-2026-6532, CVE-2026-6533, CVE-2026-6534, CVE-2026-6535, CVE-2026-6537, CVE-2026-6538, CVE-2026-6868, CVE-2026-6869
IAVB: 2026-B-0053-S, 2026-B-0112