The Wireshark Foundation has rolled out an important security update for its widely used network protocol analyzer, addressing a number of vulnerabilities that could result in denial-of-service conditions.
The latest release, version 4.6.1, specifically targets flaws found in the Bundle Protocol version 7 (BPv7) and Kafka dissectors. These vulnerabilities, if left unpatched, allow attackers to crash the application by injecting malicious data into a network stream or a trace file.
Dissector Crashes Expose Users to Denial of Service
The core of the latest security advisory focuses on how Wireshark parses specific network protocols. Security researchers identified a significant flaw in the BPv7 dissector, tracked as wnpa-sec-2025-05, which affects version 4.6.0.
A similar vulnerability was found in the Kafka dissector, designated wnpa-sec-2025-06, affecting version 4.6.0 as well as the 4.4.x branch from 4.4.0 to 4.4.10.
| Advisory ID | Component | Vulnerability Type | Impact | Affected Versions | Fixed Version |
|---|---|---|---|---|---|
| wnpa-sec-2025-05 | BPv7 Dissector | NULL Pointer Dereference / Crash | Denial of Service (DoS) | 4.6.0 | 4.6.1 |
| wnpa-sec-2025-06 | Kafka Dissector | Memory Corruption / Crash | Denial of Service (DoS) | 4.6.0, 4.4.0 – 4.4.10 | 4.6.1, 4.4.11 |
In both cases, the mechanism for exploitation involves the injection of a malformed packet. Attackers can trigger these crashes either by transmitting a specially crafted packet onto a live network interface that Wireshark is monitoring or by convincing a target analyst to open a compromised packet trace file.
While the Wireshark team discovered these issues during internal testing and is currently unaware of active exploitation in the wild, the potential for disruption remains high for security operations centers (SOCs) and network administrators who rely on the tool for continuous monitoring.
Beyond the primary security patches, the maintenance release resolves a variety of stability issues that hindered protocol analysis. Significant corrections were applied to the L2CAP dissector, which previously failed to correctly interpret retransmission modes, and the DNS HIP dissector, which erroneously labeled PK algorithms as HIT lengths.
The development team also addressed a crash in TShark triggered by Lua plugins and resolved a specific issue where the application would stall when selecting messages.
Further improvements include fixes for the TCP dissector creating invalid packet diagrams, and corrections for LZ4-compressed output file write failures. Users working with complex network environments will benefit from the resolved conflict between endian.h and libc during plugin builds.
The update also ensures that UDP Port 853 is correctly decoded as QUIC (DoQ) and restores functionality for Omnipeek files that were previously incompatible with version 4.6.0.
| Issue ID | Component | Description |
|---|---|---|
| Issue 2241 | L2CAP Dissector | Corrected logic; the dissector now correctly understands retransmission mode. |
| Issue 20768 | DNS HIP Dissector | Fixed a labeling error where the PK algorithm was incorrectly identified as HIT length. |
| Issue 20776 | Build System | Resolved a clang-cl compilation error in packet-zbee-direct.c. |
| Issue 20779 | File I/O | Addressed a failure when writing to an LZ4-compressed output file. |
| Issue 20786 | Plugins | Fixed a conflict between endian.h and libc when building plugins. |
| Issue 20794 | TShark | Resolved a crash caused by Lua plugins. |
| Issue 20797 | UI Performance | Fixed an issue where Wireshark stalled for several seconds when selecting specific messages. |
| Issue 20802 | TLS Dissector | Corrected handling of TLS Abbreviated Handshakes using New Session Tickets. |
| Issue 20803 | WebSocket | Fixed a bug where custom WebSocket dissectors did not run. |
| Issue 20813 | DCERPC Dissector | Resolved a dissector bug in packet-dcerpc.c triggered by WINREG QueryValue. |
| Issue 20817 | Lua API | Fixed a crash in FileHandler when reading packets. |
| Issue 20818 | Filter Engine | Fixed Apply As Filter for FT_NONE/BASE_NONE fields (single byte) to correctly use hex values. |
| Issue 20819 | UI Layout | Resolved a problem in the "Pane 3" preference layout when selecting "Packet Diagram" or "None". |
| Issue 20820 | TCP Dissector | Fixed the creation of invalid packet diagrams. |
| Issue 20831 | File Format | Fixed an issue with too many nested VLAN tags when opening as File Format. |
| Issue 20842 | File Support | Restored support for Omnipeek files, which was broken in version 4.6.0. |
| Issue 20845 | IsoBus Dissector | Added support for UTF-16 strings in string operations. |
| Issue 20849 | SNMP Dissector | Corrected filtering for getBulkRequest request-IDs. |
| Issue 20852 | Fuzz Testing | Addressed a specific fuzz job issue (fuzz-2025-11-12-12064814316.pcap). |
| Issue 20856 | QUIC/DoQ | Ensure UDP Port 853 (DoQ) is correctly decoded as QUIC. |
Network administrators and security analysts should prioritize upgrading to Wireshark 4.6.1 or 4.4.11 immediately. The update is available for download directly from the Wireshark Foundation's website or through respective package managers for Linux and Unix distributions.
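An added example (not from the Wireshark project or the original article): a small Python triage that flags hosts whose Wireshark/TShark version falls inside the affected ranges listed in this article and names the fixed release for that branch. The host names and version banner strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Affected ranges exactly as listed in this article:
# (advisory, dissector, first affected, last affected, fixed release)
ADVISORIES = [
    ("wnpa-sec-2025-05", "BPv7", (4, 6, 0), (4, 6, 0), "4.6.1"),
    ("wnpa-sec-2025-06", "Kafka", (4, 6, 0), (4, 6, 0), "4.6.1"),
    ("wnpa-sec-2025-06", "Kafka", (4, 4, 0), (4, 4, 10), "4.4.11"),
]

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(banner):
    """Map one banner to (status, advisory IDs, upgrade target)."""
    version = parse_version(banner)
    if version is None:
        return ("unknown", [], None)  # no version found: check the host by hand
    # Integer tuples compare numerically, so 4.4.9 sorts below 4.4.10
    # (a plain string comparison would get this wrong).
    hits = [(adv, fixed) for adv, _, lo, hi, fixed in ADVISORIES
            if lo <= version <= hi]
    if not hits:
        return ("not-listed", [], None)  # outside the ranges in this article
    return ("affected", sorted({adv for adv, _ in hits}), hits[0][1])


def triage_inventory(inventory):
    """Apply triage() to a {host: banner} mapping."""
    return {host: triage(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host names and banners are made up).
SAMPLE_INVENTORY = {
    "soc-ws-01": "TShark (Wireshark) 4.6.0",
    "soc-ws-02": "TShark (Wireshark) 4.4.9",
    "netops-03": "TShark (Wireshark) 4.4.11",
    "netops-04": "TShark (Wireshark) 4.6.1",
    "lab-05": "tshark: command not found",
}

if __name__ == "__main__":
    for host, (status, advs, target) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status} {','.join(advs)} -> {target or 'n/a'}")
```
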
