Description
OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an infinite loop in Wireshark’s OpenFlow v6 protocol dissector, identified as CWE-835. When a packet that triggers the loop is processed, the dissector never reaches its exit condition and Wireshark spins on the CPU, causing high resource consumption or a crash that terminates the application. This denies service to whoever is relying on Wireshark to analyze traffic, stalling further inspection or processing.

Affected Systems

The flaw affects Wireshark Foundation’s Wireshark product in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. Users of any of those releases are vulnerable to the infinite loop when a crafted OpenFlow v6 packet is parsed.

Risk and Exploitability

The CVSS score of 5.5 reflects moderate severity. No EPSS score is published, so the exact likelihood of exploitation is unknown, but the fact that a malicious packet can be injected into a capture makes exploitation plausible. The vulnerability is not listed in the CISA KEV catalog. The attack vector can be inferred to be payload-based: an attacker would create or supply an OpenFlow v6 packet that triggers the loop and deliver it to a Wireshark instance—either by opening a crafted trace file or by capturing traffic that contains the packet. Once the loop is entered, Wireshark may become unresponsive or crash, achieving a denial‑of‑service outcome.

Generated by OpenCVE AI on April 30, 2026 at 13:51 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Update Wireshark to version 4.6.5 or later, which contains the fix for the dissector loop.
  • If an upgrade is not yet possible, disable the OpenFlow v6 dissector in Wireshark’s protocol preferences so that the vulnerable loop is never reached.
  • Monitor Wireshark’s CPU usage and system stability in environments where upgrading is delayed; consider terminating the process or restarting Wireshark if CPU usage spikes or the application becomes unresponsive.
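
To triage hosts against the version ranges listed on this page, the following added example (not code from OpenCVE or the Wireshark project) classifies a version string or a `tshark --version` banner line. The function names `extract_version` and `cve_status` are hypothetical, and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: check a Wireshark/TShark version against the ranges on this page.
# Affected per the advisory text: 4.4.0 to 4.4.14 and 4.6.0 to 4.6.4.

# Pull the first x.y.z version out of a banner line or a bare version string.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print "affected", "not-listed" (outside the ranges above) or "unknown".
cve_status() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major.$minor" = "4.4" ] && [ "$patch" -le 14 ]; then
        echo "affected"
    elif [ "$major.$minor" = "4.6" ] && [ "$patch" -le 4 ]; then
        echo "affected"
    else
        echo "not-listed"
    fi
}

# Constructed sample banners shaped like the first line of `tshark --version`.
for banner in \
    "TShark (Wireshark) 4.6.4 (v4.6.4-0-g000000000000)." \
    "TShark (Wireshark) 4.4.14." \
    "TShark (Wireshark) 4.6.5." \
    "TShark (Wireshark) 4.2.9."
do
    printf '%-55s %s\n' "$banner" "$(cve_status "$banner")"
done
```

On a real host, pass the first line of `tshark --version` to `cve_status` instead of the constructed banners.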


Advisories

No advisories yet.

History

Thu, 30 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 07:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wireshark; Wireshark wireshark
Vendors & Products | | Wireshark; Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title | | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Weaknesses | | CWE-835
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T15:20:22.200Z

Reserved: 2026-04-17T15:05:12.694Z

Link: CVE-2026-6520

Vulnrichment

Updated: 2026-04-30T15:15:16.863Z

NVD

Status: Undergoing Analysis

Published: 2026-04-30T07:16:39.153

Modified: 2026-04-30T15:10:10.430

Link: CVE-2026-6520

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z
