CVE-2026-6526是Wireshark中RTSP（实时流协议）解析器的一个拒绝服务漏洞。该漏洞影响Wireshark 4.6.0至4.6.4版本。攻击者可以通过向受害者发送特制的RTSP数据包或诱使用户打开恶意的捕获文件来触发漏洞。由于RTSP协议解析器在处理畸形数据时存在缺陷，会导致Wireshark进程崩溃，从而中断网络流量分析工作。该漏洞的CVSS评分为5.5，攻击向量为本地（AV:L），攻击复杂度低（AC:L），无需特权（PR:N），但需要用户交互（UI:R），即受害者必须打开恶意数据包或捕获文件。利用该漏洞仅影响可用性（A:H），不会导致机密性或完整性损失。目前尚未有证据表明该漏洞已被广泛利用或在野武器化，也未列入已知利用漏洞目录（KEV）。厂商（Wireshark团队）已发布修复版本（4.6.5及更高版本）来修正此问题。建议用户立即升级到最新版本，并避免打开来源不明的捕获文件。该漏洞由于需要用户交互，且影响仅限于可用性，因此严重程度为中等。

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

### Summary A remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory access and a full process crash (panic). ### Details The vulnerability is located in the Finite Sta

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.