CVE-2026-6524
Received Received - Intake

MySQL Protocol Dissector Crash in Wireshark

Vulnerability report for CVE-2026-6524, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-07-06
AI Q&A
2026-04-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.14 (inc)
wireshark wireshark From 4.6.0 (inc) to 4.6.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-824 The product accesses or uses a pointer that has not been initialized.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-6524 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-6524 is a vulnerability in Wireshark's MySQL protocol dissector that can cause the application to crash. This happens due to a pointer dereference issue where a pointer field in the param_metas structure is not properly initialized but later used, leading to a segmentation fault.

The crash can be triggered by opening a specially crafted malicious packet trace file or by injecting a malformed packet, which causes Wireshark or tshark to fail with a memory access violation.

This vulnerability affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.

Impact Analysis

This vulnerability can cause Wireshark or tshark to crash unexpectedly when processing malicious or malformed MySQL protocol packets.

The impact is a denial of service (DoS), where the affected software becomes unavailable or unusable due to the crash.

While no known exploits currently exist, an attacker could potentially disrupt network analysis or monitoring by triggering this crash.

Detection Guidance

This vulnerability can be detected by observing crashes in Wireshark or tshark when processing specific PCAP files that contain malformed MySQL protocol packets.

Opening a malicious packet trace file with Wireshark or tshark may trigger a crash due to a segmentation fault caused by the vulnerability.

While no explicit detection commands are provided, monitoring for crashes or AddressSanitizer errors related to Wireshark or tshark when analyzing MySQL traffic can indicate the presence of this issue.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade Wireshark to versions 4.6.5 or 4.4.15 or later, where the issue has been fixed.

Avoid opening untrusted or potentially malicious PCAP files containing MySQL protocol data in vulnerable versions of Wireshark or tshark.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6524. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart