Skip to main content

Wireshark EUVDEUVD-2026-26338

| CVE-2026-6531 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.0 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:16 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:46 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26338
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:36 nvd
MEDIUM 5.5

DescriptionCVE.org

SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Infinite loop in the SANE protocol dissector in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 causes denial of service when processing malformed SANE packets. A local attacker with user privileges can trigger the infinite loop by crafting a specially formatted SANE network capture or injecting malicious packets, causing Wireshark to hang and become unresponsive, denying analysts access to packet analysis.

Technical ContextAI

The SANE (Scanner Access Now Easy) protocol dissector in Wireshark is responsible for parsing and interpreting SANE protocol traffic. SANE is used for remote scanner device communication. The vulnerability is rooted in CWE-835 (Loop with Unreachable Exit Condition), where the dissector's state machine or parsing logic enters an infinite loop when encountering specific malformed packet structures. This occurs during local packet file processing or live packet capture analysis, triggered by user interaction with the affected Wireshark versions via the graphical interface.

RemediationAI

Upgrade to Wireshark 4.6.5 or later for the 4.6.x branch, or 4.4.15 or later for the 4.4.x branch. Users unable to immediately upgrade should avoid opening untrusted SANE protocol captures (.pcap files containing SANE packets) and configure Wireshark to disable the SANE dissector in Preferences > Protocols > SANE to prevent automatic parsing of SANE traffic in live captures. Disabling the dissector eliminates the vector but may reduce visibility into SANE scanner communications if that protocol is in scope for the organization's threat monitoring. See https://www.wireshark.org/security/wnpa-sec-2026-30.html for patch release timing and https://gitlab.com/wireshark/wireshark/-/issues/21139 for technical details.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

EUVD-2026-26338 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy