Description
RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an infinite loop in the RPKI‑Router protocol dissector of Wireshark, affecting releases 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. Because the loop never exits, the application consumes CPU resources until it becomes unresponsive, resulting in a denial of service. The weakness is classified as CWE‑835, which describes an infinite loop condition that can lead to resource exhaustion.

Affected Systems

Wireshark, from the Wireshark Foundation, is the only affected product. The impacted versions are Wireshark 4.6.0–4.6.4 inclusive and Wireshark 4.4.0–4.4.14 inclusive. These releases are widely used on Windows, macOS, and Linux for packet capture and analysis.

Risk and Exploitability

The CVSS score of 5.5 places this vulnerability in the medium severity range. The EPSS score is not available, so an exact exploitation probability cannot be quantified. The vulnerability is not listed in CISA KEV. Based on the description, it is inferred that an attacker can trigger the loop by supplying a maliciously crafted RPKI‑Router packet to a target machine running Wireshark during a capture session. When the loop engages, the application may freeze or crash, disrupting network monitoring and potentially affecting operations that rely on continuous packet analysis.

Generated by OpenCVE AI on April 30, 2026 at 13:52 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or newer, replacing any older releases that include the vulnerable dissector logic.
  • Restart all running Wireshark processes after the upgrade to ensure the new code is loaded.
  • Monitor capture sessions for unexpected hangs or crashes, and verify that the updated version is in use when incidents occur.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics |  | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 07:45:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Wireshark; Wireshark wireshark
Vendors & Products |  | Wireshark; Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description |  | RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title |  | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Weaknesses |  | CWE-835
References |  |
Metrics |  | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:47:52.863Z

Reserved: 2026-04-17T15:05:22.698Z

Link: CVE-2026-6522

Vulnrichment

Updated: 2026-04-30T12:24:45.478Z

NVD

Status: Undergoing Analysis

Published: 2026-04-30T07:16:39.390

Modified: 2026-04-30T15:10:10.430

Link: CVE-2026-6522

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z
