Wireshark 4.6.7 Released With Fixes for Vulnerabilities Allowing Crashes via Malicious Packets

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

The Wireshark Foundation has released Wireshark 4.6.7, a security-focused update that fixes multiple vulnerabilities that can cause the popular network protocol analyzer to crash when processing specially crafted packets or capture files.

Wireshark is widely used by security researchers, network administrators, developers, and incident-response teams to inspect network traffic and troubleshoot communication problems.

Because the application parses hundreds of complex protocols and capture formats, malformed input can expose weaknesses in individual dissectors and file parsers.

The latest release addresses 12 security advisories, identified as wnpa-sec-2026-52 through wnpa-sec-2026-63. Most of the flaws could cause Wireshark to terminate unexpectedly, enter an excessive processing loop, or become unresponsive while analyzing malicious data.

Wireshark 4.6.7 Released

Affected components include the Catapult DCT2000, SSH, IEEE 802.11, Z39.50, UMTS FP, FMP/NOTIFY, and TLS Encrypted Client Hello dissectors. Security fixes were also introduced for the pcapng, BLF, and DBS Etherwatch capture-file parsers, along with the Ciscodump external capture utility.

Advisory Affected component Vulnerability type Potential impact
wnpa-sec-2026-52 Catapult DCT2000 protocol dissector Crash / buffer-handling flaw A malicious packet or capture file could cause Wireshark to crash.
wnpa-sec-2026-53 pcapng file parser Parser crash Opening a specially crafted pcapng capture file could terminate Wireshark.
wnpa-sec-2026-54 FMP/NOTIFY protocol dissector Excessive processing loop Crafted traffic could make Wireshark consume excessive CPU resources or become unresponsive.
wnpa-sec-2026-55 SSH protocol dissector Dissector crash Malformed SSH traffic could crash Wireshark during packet analysis.
wnpa-sec-2026-56 TLS ECH decryption Decryption-related crash Specially crafted TLS Encrypted Client Hello data could cause a crash.
wnpa-sec-2026-57 IEEE 802.11 protocol dissector Dissector crash Malicious or malformed wireless frames could terminate the application.
wnpa-sec-2026-58 Z39.50 protocol dissector Dissector crash A crafted Z39.50 packet could cause Wireshark to crash.
wnpa-sec-2026-59 UMTS FP protocol dissector Dissector crash Malformed UMTS Frame Protocol traffic could trigger an application crash.
wnpa-sec-2026-60 BLF file parser Information disclosure A crafted Binary Logging Format file could expose unintended process or memory information.
wnpa-sec-2026-61 Multiple protocol dissectors Infinite loops Malicious packets could cause Wireshark to hang indefinitely, resulting in denial of service.
wnpa-sec-2026-62 DBS Etherwatch file parser Parser crash Opening a malicious DBS Etherwatch capture file could crash Wireshark.
wnpa-sec-2026-63 Ciscodump extcap utility External capture utility crash Crafted input or capture conditions could cause the Ciscodump component to terminate unexpectedly.

One notable issue, tracked as wnpa-sec-2026-61, involves infinite loops in multiple protocol dissectors. An attacker could potentially abuse such flaws to consume processing resources and disrupt an analyst’s workflow. Another vulnerability in the BLF parser could result in information disclosure when a crafted capture file is opened.

The update also resolves a use-after-free condition in the Ethernet POWERLINK dissector, a heap-buffer overflow in the Android Logcat parser, and a heap-buffer-overflow read triggered while compiling certain time-based display filters.

Additional stability fixes address memory leaks, malformed H.265 packet handling, a heap-corruption crash involving Wireshark’s saved recent settings, and several issues discovered through fuzz testing.

These vulnerabilities are especially relevant in environments where analysts regularly examine untrusted packet captures, malware-generated traffic, suspicious wireless frames, or files submitted by third parties.

Simply opening or processing a malicious capture may be enough to trigger some of the affected flaws. The listed advisories do not describe remote code execution, but crashes, hangs, and unintended data exposure can still interfere with investigations and security operations.

Wireshark 4.6.7 does not add new protocol support. However, it updates numerous existing dissectors, including DNS, BACapp, DCERPC, EPL, H.265, IEEE 802.11, SSH, UMTS FP, and Z39.50. Support for Android Logcat, BLF, DBS Etherwatch, Netlog, and pcapng capture files has also been improved.

Windows installation packages are now built with Visual Studio 2026. The project also clarified an earlier change affecting the default extcap binary location on Unix-like systems, which may require packaging adjustments for third-party extensions.

Wireshark is maintained by the nonprofit Wireshark Foundation, which supports protocol-analysis education, official training, certification, and the SharkFest developer and user conference.

The project relies on community contributions and sponsorships to continue developing the analyzer and responding to security issues across its extensive protocol ecosystem.

Administrators should review automated workflows that ingest captures without manual validation, since unattended parsing may expose vulnerable components during routine operations.

Users and organizations running affected Wireshark versions should upgrade to version 4.6.7 as soon as practical. Until systems are updated, analysts should avoid opening capture files from unknown or untrusted sources and use isolated analysis environments when inspecting suspicious traffic.

Stop Accepting SLAs Written for 2019 SOCs – Here’s the 2026 AI SLA Vendor ChecklistDownload Free AI SOC SLA Guide

The post Wireshark 4.6.7 Released With Fixes for Vulnerabilities Allowing Crashes via Malicious Packets appeared first on Cyber Security News.