Volerion logoVolerion
Volerion logoVolerion

Wireshark RPKI-Router Protocol Dissector Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. The issue arises in the RPKI-Router protocol dissector, where the protocol handling can enter an infinite loop. This loop is caused by the dissector's failure to properly validate packet lengths, allowing a malformed packet to be processed repeatedly without termination, which can lead to excessive CPU resource consumption.

Impact

Exploitation of this vulnerability can cause Wireshark to hang indefinitely while processing, effectively leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by using TShark, a command-line version of Wireshark, to read a packet capture file (PCAPNG) that contains a malformed RPKI-Router protocol packet. This can be done by specifying the 'ip.defragment:FALSE' option to prevent IP packet defragmentation, which could otherwise alter the way the malformed packet is processed.

Remediation

Users are advised to upgrade to Wireshark versions 4.6.5, 4.4.15 or later.

Added: Apr 30, 2026, 7:52 AM
Updated: Apr 30, 2026, 7:52 AM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
2.5
exploitability
6.0
remediation
7.7
relevance
7.1
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.