This vulnerability in Wireshark's SMB2 protocol dissector causes an infinite loop due to a loop with an unreachable exit condition (CWE-835). It affects Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The infinite loop can be triggered by specially crafted SMB2 packets, leading to denial of service by causing the application to hang or consume excessive resources. The CVSS 3.1 base score is 5.5, reflecting a medium severity with local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or integrity impact, but high impact on availability. There is no vendor advisory or patch link currently available, and no known exploits have been reported.

Successful exploitation results in denial of service by causing Wireshark to enter an infinite loop when processing SMB2 protocol data. This impacts availability of the affected application instance but does not affect confidentiality or integrity of data. The attack requires local access and user interaction, limiting the attack surface.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid analyzing untrusted SMB2 traffic with affected Wireshark versions to reduce risk of denial of service. Monitor official Wireshark channels for updates and apply patches promptly once released.