Wireshark 4.6.x/4.4.x MySQL dissector DoS (CVE-2026-6524): CVE-2026-6524 April 2026

Wireshark 4.6.x/4.4.x MySQL dissector DoS (CVE-2026-6524)
CVE-2026-6524 Published on April 30, 2026

Access of Uninitialized Pointer in Wireshark
MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vulnerability Analysis

CVE-2026-6524 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

Access of Uninitialized Pointer

The program accesses or uses a pointer that has not been initialized.

Products Associated with CVE-2026-6524

Want to know whenever a new CVE is published for Wireshark? stack.watch will email you.

Affected Versions

Version 4.6.0 and below 4.6.5 is affected.

Version 4.4.0 and below 4.4.15 is affected.

Wireshark 4.6.x/4.4.x MySQL dissector DoS (CVE-2026-6524)CVE-2026-6524 Published on April 30, 2026

Vulnerability Analysis

Weakness Type

Access of Uninitialized Pointer

Products Associated with CVE-2026-6524

Affected Versions

Wireshark 4.6.x/4.4.x MySQL dissector DoS (CVE-2026-6524)
CVE-2026-6524 Published on April 30, 2026