CVE-2026-5299
ICMPv6 PvD Protocol Dissector Crash in Wireshark
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.4.0 (inc) to 4.4.14 (inc) |
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5299 is a denial-of-service vulnerability in Wireshark's ICMPv6 PvD protocol dissector affecting versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.
The vulnerability occurs because the dissector improperly handles malformed ICMPv6 packets containing multiple Prefix vs. Destination (PvD) options. Specifically, a recursive function call processes each PvD option, but this recursion grows exponentially with the number of options, leading to excessive CPU and memory consumption.
An attacker can exploit this by injecting a malformed packet or tricking a user into opening a malicious packet trace file, causing Wireshark or tshark to crash or become unresponsive.
How can this vulnerability impact me? :
This vulnerability can cause Wireshark or tshark to crash or consume excessive CPU and memory resources, resulting in a denial of service.
If you use Wireshark to analyze network traffic, an attacker could exploit this flaw by sending specially crafted ICMPv6 packets or providing malicious packet capture files, causing your analysis tool to become unresponsive or crash.
This may disrupt your ability to monitor or troubleshoot network issues and could impact system stability if resources are exhausted.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Wireshark's ICMPv6 dissector crashing due to malformed packets containing multiple PvD options. Detection can involve monitoring for crashes or high CPU and memory usage when analyzing ICMPv6 Router Advertisement packets with Wireshark or tshark.
Specifically, running tshark with the -V flag on network captures containing ICMPv6 Router Advertisement packets may trigger the vulnerability, causing high CPU usage and a dissector bug assertion after processing many tree items.
While no explicit detection commands are provided, you can use tshark or Wireshark to capture and analyze ICMPv6 traffic and watch for abnormal resource consumption or crashes when processing packets with multiple PvD options.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Wireshark to version 4.6.5, 4.4.15, or later, where this vulnerability has been fixed.
Until the upgrade is applied, avoid opening untrusted or suspicious packet capture files that may contain malformed ICMPv6 PvD options to prevent denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.