Description
DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an infinite loop in the DLMS/COSEM protocol dissector in Wireshark versions 4.6.0 to 4.6.4. When Wireshark parses a packet containing this protocol, the dissector never terminates, causing the application to consume all available CPU time and become unresponsive. This results in denial of service for the user running Wireshark. The weakness is CWE-835, an incorrect use of control flow that leads to an infinite loop.

Affected Systems

The affected systems are Wireshark Foundation's Wireshark application, specifically versions 4.6.0 through 4.6.4. Any installation that uses the DLMS/COSEM dissector in those versions is susceptible.

Risk and Exploitability

The CVSS score of 5.5 reflects a moderate threat level, while the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker can deliver the malicious packet either by creating or modifying a capture file that Wireshark processes or by injecting the packet into a local capture stream. Exploitation requires that the packet be parsed by Wireshark, so the attack vector is limited to local user interaction or access to the Wireshark process; it is not a remote network attack. An attacker who controls the capture file or the packet stream can trigger the infinite loop and make the Wireshark process unresponsive, denying service to the user or to any monitoring process that relies on Wireshark.

Generated by OpenCVE AI on May 1, 2026 at 05:19 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to version 4.6.5 or later to fix the infinite loop bug.
  • If an upgrade is not immediately possible, disable the DLMS/COSEM dissector in the preferences or avoid opening capture files that contain the protocol.
  • Restart Wireshark after applying the update or disabling the dissector and monitor the application for responsiveness.
  • Verify that any capture files from external or untrusted sources are scanned or inspected before opening them in Wireshark.



Advisories

No advisories yet.

History

Fri, 01 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wireshark; Wireshark wireshark
Vendors & Products | | Wireshark; Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description | | DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
Title | | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Weaknesses | | CWE-835
References | |
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:46:16.109Z

Reserved: 2026-04-17T15:06:32.676Z

Link: CVE-2026-6536

Vulnrichment

Updated: 2026-04-30T12:46:13.139Z

NVD

Status: Analyzed

Published: 2026-04-30T07:16:40.987

Modified: 2026-05-01T18:16:00.143

Link: CVE-2026-6536

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T05:30:09Z

Weaknesses