CVE-2026-6530
DCP-ETSI Protocol Dissector DoS in Wireshark

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description
DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Meta Information
Published: 2026-04-30
Last Modified: 2026-05-01
Generated: 2026-06-16
AI Q&A: 2026-04-30
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor    | Product   | Version / Range
wireshark | wireshark | From 4.4.0 (inc) to 4.4.14 (inc)
wireshark | wireshark | From 4.6.0 (inc) to 4.6.4 (inc)
CWE ID  | Description
CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Executive Summary

CVE-2026-6530 is a vulnerability in the DCP-ETSI protocol dissector of Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. It is caused by improper handling of malformed packets, specifically a heap buffer overflow in the rs_deinterleave function where Reed-Solomon correction writes beyond the allocated buffer size.

This overflow happens because the loop writes more bytes than the buffer can hold, leading to a heap-based buffer overflow that can cause Wireshark to crash.

Impact Analysis

This vulnerability can be exploited by an attacker to cause a denial of service by crashing Wireshark when it processes a specially crafted malformed packet or malicious packet trace file.

Additionally, because it is a heap buffer overflow, there is potential for arbitrary code execution, which could lead to further compromise of the system running Wireshark.

Users who open malicious packet capture files without upgrading to patched versions risk having their Wireshark application crash or potentially being exploited for code execution.

Detection Guidance

This vulnerability is triggered by malformed DCP-ETSI protocol packets that cause Wireshark to crash when dissecting them.

Detection can involve monitoring for crashes or heap-buffer-overflow errors in Wireshark when opening packet capture files containing DCP-ETSI traffic.

A practical approach is to analyze network captures for suspicious or malformed DCP-ETSI packets that could trigger the vulnerability.

Since the vulnerability is in the rs_deinterleave function of the DCP-ETSI dissector, using Wireshark with AddressSanitizer enabled can help detect heap buffer overflows by opening suspect capture files.

No specific commands are provided in the resources, but you can use Wireshark or tshark to open and analyze capture files, for example:

  • tshark -r suspicious_capture.pcap -Y dcp-etsi
  • Running Wireshark with debugging or sanitizers enabled to catch crashes when opening captures containing DCP-ETSI packets.

Mitigation Strategies

The primary mitigation step is to upgrade Wireshark to a fixed version.

  • Upgrade to Wireshark version 4.6.5 or later if you are using the 4.6.x series.
  • Upgrade to Wireshark version 4.4.15 or later if you are using the 4.4.x series.

Avoid opening untrusted or suspicious packet capture files containing DCP-ETSI traffic until the upgrade is applied.
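
To check installations against the version ranges above, the following added example (not from the advisory or the Wireshark project) classifies a version banner as affected, fixed, or not listed. The function names, the assumed banner layout and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Wireshark/TShark version
# against the ranges this page lists for CVE-2026-6530.

# Pull the first X.Y.Z out of a version banner. Banner layout is an assumption,
# e.g. "TShark (Wireshark) 4.6.3 (v4.6.3-0-g0123456789ab)."
extract_version() {
    printf '%s\n' "$1" | head -n 1 |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print one of: affected | fixed | not-listed | unknown
cve_2026_6530_status() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo unknown          # no X.Y.Z found in the banner
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    last_bad=
    case "$major.$minor" in
        4.4) last_bad=14 ;;   # 4.4.0 to 4.4.14 affected, 4.4.15 fixed
        4.6) last_bad=4 ;;    # 4.6.0 to 4.6.4 affected, 4.6.5 fixed
    esac
    if [ -z "$last_bad" ]; then
        echo not-listed       # release series the page says nothing about
    elif [ "$patch" -le "$last_bad" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample banners; on a real host pass "$(tshark --version)".
for banner in \
    "TShark (Wireshark) 4.6.4 (v4.6.4-0-g0123456789ab)." \
    "TShark (Wireshark) 4.4.15 (v4.4.15-0-g0123456789ab)." \
    "4.2.9"
do
    printf '%-55s %s\n' "$banner" "$(cve_2026_6530_status "$banner")"
done
```

A result of not-listed means only that this page gives no range for that release series, not that the series has been verified as safe.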

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
