Impact
The vulnerability is an uncontrolled recursion in the Monero protocol dissector within Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. When a crafted packet that exercises this recursion is parsed, the dissector repeatedly calls itself until the stack overflows, causing Wireshark to crash. The crash results in a denial of service, preventing the user from continuing to analyze or capture network traffic. The weakness is identified as CWE-674, an uncontrolled recursion flaw, and CWE-825, a range and overflow error.
Affected Systems
Affected products are Wireshark by the Wireshark Foundation. Versions vulnerable include Wireshark 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. All installations of these versions running the Monero protocol dissector are susceptible.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score is below 1%, indicating a very low likelihood of exploitation, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is a crafted packet that triggers the recursion in the Monero dissector; based on the description, this is inferred to require the ability to deliver such traffic to a running Wireshark instance, which may be local or remote depending on how the capture source is configured. No missing authorisation checks are mentioned, so exploitation is limited to causing a crash; confidentiality and integrity are not directly affected. The exploit path is the receipt of malicious Monero traffic by Wireshark, which triggers the recursion and the resulting stack overflow.
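The mechanism described under Impact and the exploit path described here are the CWE-674 pattern: a dissector recurses on input-controlled structure with nothing but the stack to stop it. The following is an added illustration, not code from Wireshark or from the Monero dissector. It uses a constructed toy TLV format with containers and back-pointers (the type codes, `MAX_DEPTH`, and the sample packets are all assumptions) and shows the same parser in two configurations: unbounded recursion, where a pointer that refers back to its own offset makes the function call itself until the stack overflows, and a depth-checked variant that returns an error instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy TLV format standing in for any dissector that parses
 * nested structures and back-references. It is NOT the Monero wire format.
 *   0x01 len payload...    leaf
 *   0x02 len children...   container; payload is a sequence of nested TLVs
 *   0x03 off               pointer; dissection continues at absolute offset */
enum { T_LEAF = 0x01, T_CONTAINER = 0x02, T_POINTER = 0x03 };

/* Return codes of the dissector. */
enum { DISSECT_OK = 0, DISSECT_ERR_MALFORMED = -1, DISSECT_ERR_DEPTH = -2 };

/* Assumed depth limit for the hardened variant; a real dissector picks a
 * value comfortably below the thread's stack budget. */
#define MAX_DEPTH 16

/* Dissect the TLV sequence in pkt[off, end). Recurses for containers and
 * pointers. If max_depth < 0 the recursion is unbounded (the CWE-674
 * pattern); otherwise the depth is checked before any further descent. */
static int dissect_range(const uint8_t *pkt, size_t len, size_t off, size_t end,
                         int depth, int max_depth, int *leaves)
{
    if (max_depth >= 0 && depth > max_depth)
        return DISSECT_ERR_DEPTH;           /* refuse to descend further */

    while (off < end) {
        if (end - off < 2)
            return DISSECT_ERR_MALFORMED;   /* need type byte + argument byte */
        uint8_t type = pkt[off];
        uint8_t arg  = pkt[off + 1];
        int rc;

        switch (type) {
        case T_LEAF:                        /* arg = payload length */
            if (end - off - 2 < arg) return DISSECT_ERR_MALFORMED;
            (*leaves)++;
            off += 2 + arg;
            break;
        case T_CONTAINER:                   /* arg = length of nested TLVs */
            if (end - off - 2 < arg) return DISSECT_ERR_MALFORMED;
            rc = dissect_range(pkt, len, off + 2, off + 2 + arg,
                               depth + 1, max_depth, leaves);
            if (rc != DISSECT_OK) return rc;
            off += 2 + arg;
            break;
        case T_POINTER:                     /* arg = absolute offset to resume at */
            if (arg >= len) return DISSECT_ERR_MALFORMED;
            /* A pointer back to its own offset makes the unbounded variant
             * call itself forever; only the depth check stops it. */
            rc = dissect_range(pkt, len, arg, len, depth + 1, max_depth, leaves);
            if (rc != DISSECT_OK) return rc;
            off += 2;
            break;
        default:
            return DISSECT_ERR_MALFORMED;
        }
    }
    return DISSECT_OK;
}

/* Vulnerable configuration: recursion limited only by the stack. */
int dissect_unbounded(const uint8_t *pkt, size_t len, int *leaves)
{
    *leaves = 0;
    return dissect_range(pkt, len, 0, len, 0, -1, leaves);
}

/* Hardened configuration: recursion limited by MAX_DEPTH. */
int dissect_bounded(const uint8_t *pkt, size_t len, int *leaves)
{
    *leaves = 0;
    return dissect_range(pkt, len, 0, len, 0, MAX_DEPTH, leaves);
}

/* Constructed sample packets. */
static const uint8_t pkt_benign[] = {
    0x01, 0x02, 0xAA, 0xBB,                 /* leaf with 2-byte payload */
    0x02, 0x04, 0x01, 0x00, 0x01, 0x00      /* container holding two empty leaves */
};
static const uint8_t pkt_selfref[] = { 0x03, 0x00 };  /* pointer to offset 0: itself */

int benign_leaf_count(void)
{
    int n;
    return dissect_bounded(pkt_benign, sizeof pkt_benign, &n) == DISSECT_OK ? n : -1;
}

int selfref_bounded_rc(void)
{
    int n;
    return dissect_bounded(pkt_selfref, sizeof pkt_selfref, &n);
}

int main(void)
{
    printf("benign packet: %d leaves\n", benign_leaf_count());
    printf("self-referencing pointer, bounded: rc=%d (DISSECT_ERR_DEPTH is %d)\n",
           selfref_bounded_rc(), DISSECT_ERR_DEPTH);
    /* dissect_unbounded(pkt_selfref, ...) is deliberately not called:
     * it recurses until the stack overflows, which is the crash described above. */
    return 0;
}
```

The fix pattern is the one a dissector needs regardless of format: carry a depth counter through every recursive call, check it before descending, and fail the dissection cleanly so a single malformed packet cannot take down the whole analyzer. Bounds checks on lengths and offsets are still required, but they do not prevent this bug, since a self-referencing pointer is perfectly in-bounds.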
OpenCVE Enrichment