CVE-2026-6870
Received Received - Intake
GSM RP Protocol Dissector DoS in Wireshark

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: GitLab Inc.

Description
GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6870
EUVD
EUVD-2026-26348
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark From 4.4.0 (inc) to 4.4.14 (inc)
wireshark wireshark From 4.6.0 (inc) to 4.6.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-824 The product accesses or uses a pointer that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-6870 vulnerability affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. It is caused by a crash in the GSM RP protocol dissector component of Wireshark.

This crash can be triggered by processing a malformed packet sent over the network or by opening a malicious packet trace file. The root cause is a heap buffer overflow due to a stale data structure in the code handling RP User-Data through BSSMAP VGCS-SMS messages.

This vulnerability leads to out-of-bounds memory access and application crashes when dissecting certain GSM protocol messages.

Impact Analysis

This vulnerability can cause Wireshark to crash, resulting in a denial-of-service condition.

An attacker could exploit this by sending malformed packets or crafting malicious packet trace files that trigger the crash when analyzed.

While no known exploits currently exist, the potential impact is disruption of network analysis or monitoring activities due to application instability.

Detection Guidance

The vulnerability can be detected by analyzing network traffic or packet trace files that trigger the GSM RP protocol dissector crash in Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.

A proof-of-concept PCAP file with just three packets is available to reproduce the issue, which can be used to test if your Wireshark installation is vulnerable.

To detect the vulnerability, you can attempt to open suspicious or malformed GSM RP protocol packets in the affected Wireshark versions and observe if the application crashes.

While specific commands are not provided, using Wireshark to load and dissect GSM RP protocol traffic or the provided proof-of-concept PCAP file can help identify if the vulnerability is present.

Mitigation Strategies

The recommended immediate mitigation step is to upgrade Wireshark to version 4.6.5, 4.4.15, or later, where the vulnerability has been fixed.

Avoid opening untrusted or suspicious packet trace files that contain GSM RP protocol data in the affected Wireshark versions to prevent denial-of-service crashes.

Compliance Impact

The provided information does not include any details on how the CVE-2026-6870 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart