Impact
The vulnerability is a logic error in Wireshark's SANE protocol dissector: a specially crafted packet drives the dissector into a loop that never terminates, so the process consumes all available CPU and stops processing traffic, leaving the application unresponsive. The result is a denial of service against the user running Wireshark. This is an instance of CWE-835 (Loop with Unreachable Exit Condition, "Infinite Loop"). Affected are Wireshark Foundation's Wireshark 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14; any installation in which the SANE dissector is enabled, as it is by default, is exposed when it dissects such traffic. No platform or operating system constraints are stated in the source data.
Affected Systems
Wireshark Foundation Wireshark 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14 with the SANE dissector enabled (the default).
Risk and Exploitability
With a CVSS score of 5.5 the vulnerability poses a moderate risk of service disruption; the EPSS score below 1% indicates a low but nonzero probability of exploitation in the wild, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. The loop is triggered by crafted SANE traffic reaching the dissector, whether injected onto a network segment that Wireshark is capturing on or carried in a capture file that the user opens; the attacker needs no access to the Wireshark host, but the victim must be dissecting the data. Instances that capture on untrusted networks, and analysts who open capture files from untrusted sources, are therefore most exposed, and no further prerequisites are disclosed. The impact is limited to the availability of the analysis tool itself, but environments that depend on continuous capture should upgrade to a fixed release promptly or, until then, disable the SANE dissector (Analyze > Enabled Protocols in the GUI), since ordinary malformed traffic could trigger the loop by accident.
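As an added illustration of the mechanism described under Impact and the mitigation reasoning above (this is not Wireshark's code and not the specific SANE defect, whose details the advisory does not give), the following C shows the loop shape that produces CWE-835 in a length-driven dissector: a record whose on-wire length is zero leaves the offset unchanged, so the exit condition is never reached. The record layout, the status codes and the sample buffers are constructed for the example; the hardened variant adds the progress check that guarantees termination.

```c
/*
 * Constructed example (not Wireshark code, not the actual SANE bug): a
 * length-driven record loop of the kind that yields CWE-835 when a
 * length field of zero leaves the parse offset unchanged.
 *
 * Hypothetical record format: 1-byte type, 1-byte total length (header
 * included), then payload.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum parse_status { PARSE_OK = 0, PARSE_MALFORMED = 1, PARSE_STUCK = 2 };

/*
 * Vulnerable variant: trusts the on-wire length. A record whose length
 * byte is 0 does not advance 'offset', so 'offset < len' stays true for
 * ever. The pass budget exists only so this demo terminates: a loop that
 * consumes at least one byte per pass needs at most 'len' passes, so
 * exceeding that proves the loop would spin indefinitely.
 */
enum parse_status parse_records_vulnerable(const uint8_t *buf, size_t len, size_t *records)
{
    size_t offset = 0, count = 0, passes = 0;
    while (offset < len) {
        if (passes++ > len)
            return PARSE_STUCK;          /* would be an infinite loop */
        if (len - offset < 2)
            return PARSE_MALFORMED;      /* truncated header */
        uint8_t rec_len = buf[offset + 1];
        if (offset + rec_len > len)
            return PARSE_MALFORMED;      /* record runs past the buffer */
        count++;
        offset += rec_len;               /* BUG: rec_len may be 0 */
    }
    *records = count;
    return PARSE_OK;
}

/*
 * Hardened variant: reject any record shorter than its own header, so
 * every pass consumes at least 2 bytes and termination is guaranteed.
 */
enum parse_status parse_records_hardened(const uint8_t *buf, size_t len, size_t *records)
{
    size_t offset = 0, count = 0;
    while (offset < len) {
        if (len - offset < 2)
            return PARSE_MALFORMED;
        uint8_t rec_len = buf[offset + 1];
        if (rec_len < 2)
            return PARSE_MALFORMED;      /* the progress check the vulnerable loop lacks */
        if (offset + rec_len > len)
            return PARSE_MALFORMED;
        count++;
        offset += rec_len;
    }
    *records = count;
    return PARSE_OK;
}

/* Constructed sample inputs. */
static const uint8_t WELLFORMED[] = {
    0x01, 0x04, 0xaa, 0xbb,   /* type 1, length 4 */
    0x02, 0x02,               /* type 2, length 2, no payload */
    0x03, 0x03, 0xcc          /* type 3, length 3 */
};
static const uint8_t ZERO_LENGTH[] = {
    0x01, 0x04, 0xaa, 0xbb,
    0x05, 0x00, 0xde, 0xad    /* length 0: offset never moves */
};

int main(void)
{
    size_t n = 0;
    enum parse_status s;

    s = parse_records_vulnerable(WELLFORMED, sizeof WELLFORMED, &n);
    printf("well-formed, vulnerable: status %d, %zu records\n", s, n);
    s = parse_records_vulnerable(ZERO_LENGTH, sizeof ZERO_LENGTH, &n);
    printf("zero-length, vulnerable: status %d (2 = would loop forever)\n", s);
    s = parse_records_hardened(ZERO_LENGTH, sizeof ZERO_LENGTH, &n);
    printf("zero-length, hardened:   status %d (1 = rejected as malformed)\n", s);
    return 0;
}
```

The fix is the single `rec_len < 2` check: a loop whose exit depends on data-controlled progress needs an explicit guarantee that each iteration advances, and a fuzzed or malformed packet is enough to find the case where it does not.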
OpenCVE Enrichment
Debian DSA