The latest release of Wireshark, version 4.6.6, fixes a significant security flaw in the ROHC protocol dissector that could allow a malformed packet to crash the application. The update also resolves over a dozen stability and compatibility issues that have been affecting Windows users.
Key Security Fixes in Wireshark 4.6.6
The main security improvement in this release targets a vulnerability identified as wnpa-sec-2026-51, documented under Issue 21243. This flaw was located in the ROHC protocol dissector, which is responsible for interpreting compressed headers of IP packets.
An attacker could exploit this vulnerability by introducing a malformed packet into a live capture session or by submitting a specially crafted .pcap file. Either route could lead to an unhandled crash, disrupting network analysis and potentially impacting monitoring systems.
Additional Bug Fixes and Improvements
Beyond the security fix, Wireshark 4.6.6 resolves several critical bugs. These include a crash under Visual Studio, identified as Work Item 24787, which was a regression in the development environment.
Other fixes involve correcting uninitialized memory reads in certain file readers and addressing compatibility problems with Windows 10 v1809 and Server 2019, which were linked to Issue 21237. Furthermore, issues relating to the accidental removal of features during upgrades and increased executable size due to packaging errors have been corrected.
Enhancements and Protocol Support
This version ships Npcap 1.88, replacing version 1.87, to improve packet capture reliability on Windows platforms. No new protocols are introduced in this release, but dissector support has been updated for BACapp, MACsec, ROHC, Kafka, SIP, PFCP, and BPv7, among others.
For Unix systems, the default directory for extcap binaries is now /usr/libexec/wireshark/extcap. The change was introduced in version 4.6.0 but is only now formally documented.
For security professionals and network analysts utilizing Wireshark in their operational environments, especially those dealing with untrusted packet captures, updating to version 4.6.6 is strongly recommended. The updated version is available for download on the official Wireshark website.
