CVE-2026-5299
Received Received - Intake

ICMPv6 PvD Protocol Dissector Crash in Wireshark

Vulnerability report for CVE-2026-5299, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-07-06
AI Q&A
2026-04-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.14 (inc)
wireshark wireshark From 4.6.0 (inc) to 4.6.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-5299 is a denial-of-service vulnerability in Wireshark's ICMPv6 PvD protocol dissector affecting versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.

The vulnerability occurs because the dissector improperly handles malformed ICMPv6 packets containing multiple Prefix vs. Destination (PvD) options. Specifically, a recursive function call processes each PvD option, but this recursion grows exponentially with the number of options, leading to excessive CPU and memory consumption.

An attacker can exploit this by injecting a malformed packet or tricking a user into opening a malicious packet trace file, causing Wireshark or tshark to crash or become unresponsive.

Impact Analysis

This vulnerability can cause Wireshark or tshark to crash or consume excessive CPU and memory resources, resulting in a denial of service.

If you use Wireshark to analyze network traffic, an attacker could exploit this flaw by sending specially crafted ICMPv6 packets or providing malicious packet capture files, causing your analysis tool to become unresponsive or crash.

This may disrupt your ability to monitor or troubleshoot network issues and could impact system stability if resources are exhausted.

Detection Guidance

This vulnerability involves Wireshark's ICMPv6 dissector crashing due to malformed packets containing multiple PvD options. Detection can involve monitoring for crashes or high CPU and memory usage when analyzing ICMPv6 Router Advertisement packets with Wireshark or tshark.

Specifically, running tshark with the -V flag on network captures containing ICMPv6 Router Advertisement packets may trigger the vulnerability, causing high CPU usage and a dissector bug assertion after processing many tree items.

While no explicit detection commands are provided, you can use tshark or Wireshark to capture and analyze ICMPv6 traffic and watch for abnormal resource consumption or crashes when processing packets with multiple PvD options.

Mitigation Strategies

The primary mitigation step is to upgrade Wireshark to version 4.6.5, 4.4.15, or later, where this vulnerability has been fixed.

Until the upgrade is applied, avoid opening untrusted or suspicious packet capture files that may contain malformed ICMPv6 PvD options to prevent denial of service.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5299. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart