Impact
The vulnerability arises from unchecked input used to control a loop condition in Wireshark's FMP/NOTIFY protocol dissector. When a packet containing malformed data is parsed, the loop fails to terminate correctly and the program crashes, providing an attacker with a denial‑of‑service vector. This weakness is identified as CWE‑606, reflecting improper validation of input before use.
Affected Systems
All releases of Wireshark from version 4.4.0 through 4.4.16, and from 4.6.0 through 4.6.6, are affected. The impact is limited to the Wireshark application on the host where the dissection occurs.
Risk and Exploitability
The CVSS score of 5.5 indicates medium severity. EXS is not available, so the likelihood of exploitation is unknown, and the vulnerability is not listed in CISA's KEV catalog. Attackers can exploit it by presenting a crafted packet or pcap file to Wireshark, causing the application to crash locally on the victim’s machine. The exploitation does not grant code execution or elevate privileges, but it compromises availability of the network‑analysis tool.
OpenCVE Enrichment