Impact
An uncontrolled recursion bug exists in the BT-DHT protocol dissector of Wireshark. When the dissector processes a malicious packet, the recursion never terminates, causing the application to exhaust its resources and crash. The weakness is classified as CWE-617 and CWE-674. The result is a denial of service in the Wireshark process, potentially stopping analysis of network traffic and exposing the host to further attacks. The CVE description explicitly states that the issue results in a crash, indicating that an attacker could achieve a local denial of service by influencing the packet data that Wireshark processes.
Affected Systems
The vulnerability affects Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. Users running any of these Wireshark Foundation releases remain exposed to the recursion bug until an updated version is installed.
Risk and Exploitability
The CVSS score of 5.5 places the vulnerability in the medium severity range. The EPSS score is < 1%, indicating a very low probability of exploitation, and the issue is not listed in the CISA KEV catalog. Based on the description, the attack vector is local, though it becomes effectively remote when the victim opens a malicious capture file. An attacker would need to supply or inject a crafted BT-DHT packet to force the dissector to recurse until the application crashes. Since Wireshark is an analysis tool, the impact is confined to the host running the software, but a denial of service can disrupt network monitoring and logging.
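The failure mode described in the Impact and Risk sections, uncontrolled recursion while decoding nested protocol data, and the depth guard that prevents it, as an added example in C. This is not Wireshark's dissector code or its fix: it is a toy decoder for bencode, the encoding BT-DHT messages use, in which lists and dictionaries recurse and the `depth` argument bounds that recursion. The limit `MAX_BENCODE_DEPTH`, the function names and the sample inputs are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Nesting depth this toy decoder accepts before refusing to recurse.
 * The value is an assumption for this example, not a Wireshark setting. */
#define MAX_BENCODE_DEPTH 32

enum bdecode_status {
    BDECODE_OK = 0,
    BDECODE_TRUNCATED = -1,   /* input ended inside an element */
    BDECODE_MALFORMED = -2,   /* unexpected byte or bad structure */
    BDECODE_TOO_DEEP = -3     /* nesting exceeds MAX_BENCODE_DEPTH */
};

/* Decode one bencoded element at buf[*pos]; containers recurse with
 * depth + 1. Without the depth check at the top, input of the form
 * "llll...." would recurse once per byte until the stack is exhausted. */
static int bdecode_element(const unsigned char *buf, size_t len,
                           size_t *pos, int depth)
{
    if (depth > MAX_BENCODE_DEPTH)
        return BDECODE_TOO_DEEP;          /* the guard: refuse, do not recurse */
    if (*pos >= len)
        return BDECODE_TRUNCATED;

    unsigned char c = buf[*pos];

    if (c == 'i') {                       /* integer: i<digits>e */
        (*pos)++;
        if (*pos < len && buf[*pos] == '-') (*pos)++;
        size_t digits = 0;
        while (*pos < len && buf[*pos] >= '0' && buf[*pos] <= '9') { (*pos)++; digits++; }
        if (digits == 0) return BDECODE_MALFORMED;
        if (*pos >= len) return BDECODE_TRUNCATED;
        if (buf[*pos] != 'e') return BDECODE_MALFORMED;
        (*pos)++;
        return BDECODE_OK;
    }

    if (c >= '0' && c <= '9') {           /* byte string: <len>:<bytes> */
        size_t n = 0;
        while (*pos < len && buf[*pos] >= '0' && buf[*pos] <= '9') {
            if (n > (SIZE_MAX - 9) / 10) return BDECODE_MALFORMED; /* length overflow */
            n = n * 10 + (size_t)(buf[*pos] - '0');
            (*pos)++;
        }
        if (*pos >= len) return BDECODE_TRUNCATED;
        if (buf[*pos] != ':') return BDECODE_MALFORMED;
        (*pos)++;
        if (n > len - *pos) return BDECODE_TRUNCATED; /* declared length beyond input */
        *pos += n;
        return BDECODE_OK;
    }

    if (c == 'l' || c == 'd') {           /* container: l...e or d<key><value>...e */
        (*pos)++;
        int expect_key = (c == 'd');
        for (;;) {
            if (*pos >= len) return BDECODE_TRUNCATED;
            if (buf[*pos] == 'e') {
                if (c == 'd' && !expect_key) return BDECODE_MALFORMED; /* key with no value */
                (*pos)++;
                return BDECODE_OK;
            }
            if (expect_key && !(buf[*pos] >= '0' && buf[*pos] <= '9'))
                return BDECODE_MALFORMED; /* dictionary keys must be byte strings */
            int rc = bdecode_element(buf, len, pos, depth + 1);
            if (rc != BDECODE_OK) return rc;
            if (c == 'd') expect_key = !expect_key;
        }
    }

    return BDECODE_MALFORMED;
}

/* Decode a whole message: exactly one element, within the depth limit. */
int bdecode_message(const unsigned char *buf, size_t len)
{
    size_t pos = 0;
    int rc = bdecode_element(buf, len, &pos, 1);
    if (rc != BDECODE_OK) return rc;
    return (pos == len) ? BDECODE_OK : BDECODE_MALFORMED;
}

/* Convenience wrapper for NUL-terminated constructed samples. */
int decode_cstring(const char *s)
{
    return bdecode_message((const unsigned char *)s, strlen(s));
}

/* Build and decode a constructed input of n nested lists ("ll...lee...e"). */
int decode_nested_lists(size_t n)
{
    unsigned char *buf = malloc(2 * n);
    if (buf == NULL) return BDECODE_MALFORMED;
    memset(buf, 'l', n);
    memset(buf + n, 'e', n);
    int rc = bdecode_message(buf, 2 * n);
    free(buf);
    return rc;
}

int main(void)
{
    /* Constructed sample shaped like a DHT ping query (not a real capture). */
    printf("ping query:        %d\n",
           decode_cstring("d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"));
    printf("32 nested lists:   %d\n", decode_nested_lists(32));
    printf("1000 nested lists: %d\n", decode_nested_lists(1000));
    return 0;
}
```

The point of the example is the first check in `bdecode_element`: a bounded, well-formed message decodes normally, while input whose only property is extreme nesting is rejected with `BDECODE_TOO_DEEP` at a fixed depth rather than consuming a stack frame per byte. A dissector that lacks such a bound, or that counts depth incorrectly, exhibits exactly the resource exhaustion and crash the advisory describes.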
OpenCVE Enrichment