CVE-2026-6870
GSM RP Protocol Dissector DoS in Wireshark
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.4.0 (inc) to 4.4.14 (inc) |
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-6870 vulnerability affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. It is caused by a crash in the GSM RP protocol dissector component of Wireshark.
This crash can be triggered by processing a malformed packet sent over the network or by opening a malicious packet trace file. The root cause is a heap buffer overflow due to a stale data structure in the code handling RP User-Data through BSSMAP VGCS-SMS messages.
This vulnerability leads to out-of-bounds memory access and application crashes when dissecting certain GSM protocol messages.
How can this vulnerability impact me? :
This vulnerability can cause Wireshark to crash, resulting in a denial-of-service condition.
An attacker could exploit this by sending malformed packets or crafting malicious packet trace files that trigger the crash when analyzed.
While no known exploits currently exist, the potential impact is disruption of network analysis or monitoring activities due to application instability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by analyzing network traffic or packet trace files that trigger the GSM RP protocol dissector crash in Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.
A proof-of-concept PCAP file with just three packets is available to reproduce the issue, which can be used to test if your Wireshark installation is vulnerable.
To detect the vulnerability, you can attempt to open suspicious or malformed GSM RP protocol packets in the affected Wireshark versions and observe if the application crashes.
While specific commands are not provided, using Wireshark to load and dissect GSM RP protocol traffic or the provided proof-of-concept PCAP file can help identify if the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation step is to upgrade Wireshark to version 4.6.5, 4.4.15, or later, where the vulnerability has been fixed.
Avoid opening untrusted or suspicious packet trace files that contain GSM RP protocol data in the affected Wireshark versions to prevent denial-of-service crashes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details on how the CVE-2026-6870 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.