Skip to main content

Wireshark CVE-2026-6534

| EUVDEUVD-2026-26341 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:16 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:47 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26341
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:36 nvd
MEDIUM 5.5

DescriptionCVE.org

USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 via infinite loop in the USB HID protocol dissector allows local attackers to crash the application by opening a maliciously crafted packet capture file. The vulnerability requires user interaction (opening a file) on a local system, making it suitable for targeted attacks against security analysts and network administrators who routinely inspect suspicious network traffic.

Technical ContextAI

The USB Human Interface Device (HID) protocol dissector in Wireshark is responsible for parsing USB HID packets within capture files. The vulnerability is rooted in an infinite loop condition (CWE-835) within the dissector logic, triggered by malformed USB HID packet structures. When the dissector encounters specific malicious packet field values, it fails to properly advance its parsing state or validate termination conditions, causing the dissector thread to consume CPU indefinitely. This affects the dissector code path common to both the 4.6.x and 4.4.x release branches, indicating a shared upstream defect in USB HID parsing logic.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later (for the 4.6.x branch) or 4.4.15 or later (for the 4.4.x branch) to obtain the patched dissector code. Patch availability is confirmed by the Wireshark security advisory at https://www.wireshark.org/security/wnpa-sec-2026-27.html. As a temporary workaround for users unable to patch immediately, disable or remove the USB HID protocol dissector from Wireshark's dissector table if capture files containing USB traffic are not regularly analyzed - this eliminates the trigger for the infinite loop but may limit visibility into USB HID protocol details. Alternatively, restrict opening of capture files from untrusted sources and avoid processing PCAP files from suspicious origins until patched versions are deployed. The recommended approach is patching, as it is straightforward and has no operational drawbacks.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6534 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy