Description
OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an infinite loop in Wireshark’s OpenFlow v6 protocol dissector, identified as CWE-835 and CWE-606. When a packet that triggers the loop is processed, Wireshark’s CPU is trapped in the loop, causing high resource consumption or a crash that terminates the application. This results in a denial of service to whoever is relying on Wireshark to analyze traffic, stalling further inspection or processing.

Affected Systems

The flaw affects Wireshark Foundation’s Wireshark product in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. Users of any of those releases are vulnerable to the infinite loop when a crafted OpenFlow v6 packet is parsed.

Risk and Exploitability

The CVSS score of 5.5 reflects moderate severity. This defect corresponds to CWE-835 and CWE-606, and the EPSS score of <1% indicates a very low but non-zero exploitation probability; however, because a malicious packet can be injected into a capture, exploitation remains possible. The vulnerability is not listed in the CISA KEV catalog. The attack vector can be inferred to be payload-based: an attacker would create or supply an OpenFlow v6 packet that triggers the loop and deliver it to a Wireshark instance—either by opening a crafted trace file or by capturing traffic that contains the packet. Once the loop is entered, Wireshark may become unresponsive or crash, achieving a denial-of-service outcome.

Generated by OpenCVE AI on May 4, 2026 at 13:58 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Update Wireshark to version 4.6.5 or later, which contains the fixed dissector loop.
  • If an upgrade is not yet possible, prevent the dissector from being loaded by disabling the OpenFlow v6 dissector in Wireshark’s protocol preferences, thereby avoiding the triggering loop.
  • Monitor Wireshark’s CPU usage and system stability in environments where upgrading is delayed; consider terminating the process or restarting Wireshark if CPU usage spikes or the application becomes unresponsive.

Generated by OpenCVE AI on May 4, 2026 at 13:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-606
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Weaknesses CWE-835
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T15:20:22.200Z

Reserved: 2026-04-17T15:05:12.694Z

Link: CVE-2026-6520

cve-icon Vulnrichment

Updated: 2026-04-30T15:15:16.863Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:39.153

Modified: 2026-05-01T16:37:23.097

Link: CVE-2026-6520

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:34:04Z

Links: CVE-2026-6520 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T14:00:20Z

Weaknesses