CVE-2026-6522
Received Received - Intake
RPKI-Router Protocol Infinite Loop in Wireshark

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description
RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6522
EUVD
EUVD-2026-26330
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.14 (inc)
wireshark wireshark From 4.6.0 (inc) to 4.6.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6522 is an infinite loop vulnerability in the RPKI-Router protocol dissector of Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. This flaw occurs when the dissector processes a malformed packet, specifically one with an all-0xFF payload, causing a function to return an extremely large length value. This triggers an infinite loop in the packet processing function because the offset arithmetic wraps around due to unsigned overflow, preventing the dissector from advancing properly and causing it to repeatedly attempt to process the oversized payload.

An attacker can exploit this by injecting a malformed packet into the network or tricking a user into opening a malicious packet trace file, leading to excessive CPU consumption and denial of service.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-6522 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can cause a denial-of-service (DoS) condition by making Wireshark enter an infinite loop, consuming excessive CPU resources. This can crash the application or make it unresponsive, disrupting network analysis or monitoring activities.

Users who open malicious packet trace files or receive malformed packets on the network may experience these impacts, potentially affecting productivity or incident response capabilities.

Detection Guidance

The vulnerability can be detected by observing Wireshark crashes or denial-of-service conditions when processing malformed RPKI-Router protocol packets, especially those with an all-0xFF payload.

A proof-of-concept pcap file exists that can reproduce the issue, which can be used to test if your Wireshark installation is vulnerable.

Using debugging tools like GDB to analyze Wireshark during packet dissection can reveal the infinite loop, as shown by a backtrace in the tcp_dissect_pdus() function.

No specific detection commands are provided in the resources.

Mitigation Strategies

Users should immediately upgrade Wireshark to versions 4.6.5 or 4.4.15 or later, as these versions contain fixes that prevent the infinite loop vulnerability in the RPKI-Router protocol dissector.

Avoid opening untrusted or suspicious packet trace files that might contain malformed RPKI-Router protocol packets.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6522. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart