Description
Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an uncontrolled recursion in the Monero protocol dissector within Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. When a crafted packet that exercises this recursion is parsed, the dissector repeatedly calls itself until the stack overflows, causing Wireshark to crash. The crash results in a denial of service, preventing the user from continuing to analyze network traffic or capturing packets. This weakness is identified as CWE-674, an uncontrolled recursion flaw.

Affected Systems

Affected products are Wireshark by the Wireshark Foundation. Versions vulnerable include Wireshark 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. All installations of these versions running the Monero protocol dissector are susceptible.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. There is no EPSS score available, and the vulnerability is not listed in CISA's KEV catalog. Since the error occurs during dissector parsing of network data, the exploit likely requires the ability to supply crafted traffic to the running Wireshark instance, suggesting a local or remote privilege to inject traffic into the capture source. No missing authorisation checks are mentioned, so exploitation is limited to causing a crash; confidentiality and integrity are not directly affected. The exploit path is the receipt of malicious Monero traffic by Wireshark, which triggers the recursion and stack overflow.

Generated by OpenCVE AI on April 30, 2026 at 13:41 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later to remove the recursion bug.
  • If an upgrade cannot be performed immediately, temporarily disable the Monero dissector or filter out Monero packets to prevent triggering the crash.
  • Monitor Wireshark for unexpected crashes and investigate any incidents promptly.
  • Consider restricting untrusted traffic from reaching the system or ensuring capture sources are controlled.

Generated by OpenCVE AI on April 30, 2026 at 13:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Uncontrolled Recursion in Wireshark
Weaknesses CWE-674
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:58:18.159Z

Reserved: 2026-04-02T07:03:43.324Z

Link: CVE-2026-5409

cve-icon Vulnrichment

Updated: 2026-04-30T12:57:43.554Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:38.383

Modified: 2026-05-01T19:27:46.780

Link: CVE-2026-5409

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T13:45:23Z

Weaknesses