CVE-2026-6522
RPKI-Router Protocol Infinite Loop in Wireshark
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.4.0 (inc) to 4.4.14 (inc) |
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6522 is an infinite loop vulnerability in the RPKI-Router protocol dissector of Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. This flaw occurs when the dissector processes a malformed packet, specifically one with an all-0xFF payload, causing a function to return an extremely large length value. This triggers an infinite loop in the packet processing function because the offset arithmetic wraps around due to unsigned overflow, preventing the dissector from advancing properly and causing it to repeatedly attempt to process the oversized payload.
An attacker can exploit this by injecting a malformed packet into the network or tricking a user into opening a malicious packet trace file, leading to excessive CPU consumption and denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-6522 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability can cause a denial-of-service (DoS) condition by making Wireshark enter an infinite loop, consuming excessive CPU resources. This can crash the application or make it unresponsive, disrupting network analysis or monitoring activities.
Users who open malicious packet trace files or receive malformed packets on the network may experience these impacts, potentially affecting productivity or incident response capabilities.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by observing Wireshark crashes or denial-of-service conditions when processing malformed RPKI-Router protocol packets, especially those with an all-0xFF payload.
A proof-of-concept pcap file exists that can reproduce the issue, which can be used to test if your Wireshark installation is vulnerable.
Using debugging tools like GDB to analyze Wireshark during packet dissection can reveal the infinite loop, as shown by a backtrace in the tcp_dissect_pdus() function.
No specific detection commands are provided in the resources.
What immediate steps should I take to mitigate this vulnerability?
Users should immediately upgrade Wireshark to versions 4.6.5 or 4.4.15 or later, as these versions contain fixes that prevent the infinite loop vulnerability in the RPKI-Router protocol dissector.
Avoid opening untrusted or suspicious packet trace files that might contain malformed RPKI-Router protocol packets.