CVE-2026-6523

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-6523
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-6523.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-6523
Downstream
Related
Published
2026-04-30T05:34:14.217Z
Modified
2026-06-02T08:59:20.884511360Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Details

GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Database specific 
{
    "cwe_ids": [
        "CWE-835"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6523.json",
    "cna_assigner": "GitLab",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "4.6.0"
                },
                {
                    "fixed": "4.6.5"
                },
                {
                    "introduced": "4.4.0"
                },
                {
                    "fixed": "4.4.15"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
009a163470b581c7d3ee66d89c819cef1f9e50fe
Last affected
2e231b8d9926750a68f69a0ed5f80af3cacfe9c3
Introduced
cdfb6721e77c19d43f4787f66e9d5f2525281a22
Last affected
93282876538d78a2927108dd71ee0ff370aedb0a
Database specific 
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "4.4.0"
        },
        {
            "last_affected": "4.4.14"
        },
        {
            "introduced": "4.6.0"
        },
        {
            "last_affected": "4.6.4"
        }
    ],
    "cpe": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"
}

Affected versions

v4.*
v4.4.0
v4.4.1
v4.4.10
v4.4.10rc0
v4.4.11
v4.4.11rc0
v4.4.12
v4.4.12rc0
v4.4.13
v4.4.13rc0
v4.4.14
v4.4.14rc0
v4.4.1rc0
v4.4.2
v4.4.2rc0
v4.4.3
v4.4.3rc0
v4.4.4
v4.4.4rc0
v4.4.5
v4.4.5rc0
v4.4.6
v4.4.6rc0
v4.4.7
v4.4.7rc0
v4.4.8
v4.4.8rc0
v4.4.9
v4.4.9rc0
v4.6.0
v4.6.1
v4.6.1rc0
v4.6.2
v4.6.2rc0
v4.6.3
v4.6.3rc0
v4.6.4
v4.6.4rc0
v4.6.7rc0
wireshark-4.*
wireshark-4.4.0
wireshark-4.4.1
wireshark-4.4.2
wireshark-4.4.3
wireshark-4.4.4
wireshark-4.4.5
wireshark-4.4.6
wireshark-4.4.7
wireshark-4.4.8
wireshark-4.4.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-6523.json"

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
009a163470b581c7d3ee66d89c819cef1f9e50fe
Last affected
2e231b8d9926750a68f69a0ed5f80af3cacfe9c3
Introduced
cdfb6721e77c19d43f4787f66e9d5f2525281a22
Last affected
93282876538d78a2927108dd71ee0ff370aedb0a
Database specific 
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.4.0"
        },
        {
            "last_affected": "4.4.14"
        },
        {
            "introduced": "4.6.0"
        },
        {
            "last_affected": "4.6.4"
        }
    ]
}

Affected versions

v4.*
v4.4.0
v4.4.1
v4.4.10
v4.4.10rc0
v4.4.11
v4.4.11rc0
v4.4.12
v4.4.12rc0
v4.4.13
v4.4.13rc0
v4.4.14
v4.4.14rc0
v4.4.1rc0
v4.4.2
v4.4.2rc0
v4.4.3
v4.4.3rc0
v4.4.4
v4.4.4rc0
v4.4.5
v4.4.5rc0
v4.4.6
v4.4.6rc0
v4.4.7
v4.4.7rc0
v4.4.8
v4.4.8rc0
v4.4.9
v4.4.9rc0
v4.6.0
v4.6.1
v4.6.1rc0
v4.6.2
v4.6.2rc0
v4.6.3
v4.6.3rc0
v4.6.4
v4.6.4rc0
wireshark-4.*
wireshark-4.4.0
wireshark-4.4.1
wireshark-4.4.2
wireshark-4.4.3
wireshark-4.4.4
wireshark-4.4.5
wireshark-4.4.6
wireshark-4.4.7
wireshark-4.4.8
wireshark-4.4.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-6523.json"