Skip to main content

Wireshark CVE-2026-6528

| EUVDEUVD-2026-26335 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:28 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:46 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26335
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:36 nvd
MEDIUM 5.5

DescriptionCVE.org

TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service

AnalysisAI

Infinite loop in the TLS protocol dissector of Wireshark 4.6.0 through 4.6.4 causes denial of service when processing malformed TLS packets. Local attackers can trigger the infinite loop by crafting packets and opening them with Wireshark, causing the application to hang or consume excessive CPU resources. User interaction is required to open the malicious packet capture, limiting the attack to scenarios where a victim is tricked into opening untrusted network traffic files.

Technical ContextAI

The vulnerability resides in Wireshark's TLS protocol dissector, the component responsible for parsing and analyzing Transport Layer Security traffic. The flaw is classified as CWE-835 (Infinite Loop), a logic error in the dissector's packet parsing logic that fails to properly validate or limit loop iterations when processing specific malformed TLS message structures. The dissector processes TLS records and handshake messages during packet analysis; crafted input containing specific TLS structures can cause the parser to enter an endless loop condition. This affects Wireshark versions 4.6.0 through 4.6.4, as identified by the CPE string cpe:2.3:a:wireshark_foundation:wireshark:*:*:*:*:*:*:*:*.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later to resolve the TLS dissector infinite loop. The vendor advisory at https://www.wireshark.org/security/wnpa-sec-2026-33.html provides patched release information. Users unable to immediately upgrade should avoid opening packet capture files from untrusted sources and restrict file access to the Wireshark application by disabling auto-open features for .pcap files in their operating system. Consider using a sandboxed environment or isolated virtual machine when analyzing network traffic from untrusted origins; this prevents a hung Wireshark process from affecting production systems. The mitigation has the trade-off of reducing analyst productivity if frequent packet analysis is required, but significantly reduces exposure to this denial of service vector.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6528 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy