CVE-2026-15163 in Wireshark
Summary
by MITRE • 07/09/2026
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/09/2026
Wireshark, a widely used network protocol analyzer, contains multiple protocol dissector infinite loops that can be exploited to cause denial of service conditions in versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16. These vulnerabilities arise from insufficient input validation within the protocol dissectors responsible for parsing various network protocols including but not limited to tcp udp http dns and ssl. The infinite loops occur when malformed packets or specially crafted data structures are processed by these dissectors, causing the application to enter continuous processing cycles that consume excessive cpu resources and render the tool unresponsive. This class of vulnerability maps directly to common weakness enumeration cwes 400 and 691 which specifically address unchecked loop conditions and infinite loops in software implementations. From an operational perspective these vulnerabilities pose significant risks to network security analysts and forensic investigators who rely on wireshark for packet analysis and troubleshooting. An attacker could exploit these flaws by sending maliciously constructed packets to a wireshark instance running in capture mode or by opening specially crafted packet capture files, thereby causing the application to become unresponsive and potentially leading to complete system resource exhaustion. The impact extends beyond simple service disruption as it can prevent network forensic analysis during security incidents and compromise the availability of critical monitoring infrastructure. Organizations using affected versions of wireshark should immediately update to patched releases that address these infinite loop conditions through proper input validation and loop boundary checks in protocol dissector implementations. The mitigations involve ensuring that all packet parsing routines include appropriate bounds checking and timeout mechanisms to prevent unbounded iterations during protocol analysis. These vulnerabilities align with attack techniques documented in the attack technique framework under ta0043 and ta0040 which cover denial of service and execution of malicious code through input manipulation. Network security teams should implement additional monitoring for abnormal cpu utilization patterns when running wireshark in production environments and consider isolating packet analysis workloads in secure sandboxes to limit potential impact from such vulnerabilities. The underlying cause demonstrates a fundamental flaw in defensive programming practices where loop termination conditions are not properly validated against malformed input data, representing a classic example of how insufficient error handling can lead to complete system availability compromise.