Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support

Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support

Posted on By CWS

Wireshark 4.6.2, the most recent model of the main open-source community protocol analyzer, addresses important crash vulnerabilities and plugin compatibility points. This upkeep launch prioritizes stability for customers in troubleshooting and safety evaluation.​

Builders patched two denial-of-service vulnerabilities recognized in latest dissectors. The HTTP3 dissector crash (CVE-2025-13945) happens throughout decryption of site visitors by way of keylog recordsdata or seize recordsdata with secrets and techniques, probably triggered by malformed packets.

Equally, the MEGACO dissector infinite loop (CVE-2025-13946) could cause extreme CPU utilization beneath malformed enter. Each have an effect on variations 4.6.0-4.6.1 and 4.4.0-4.4.11, with CVSS v3.1 base scores of 5.5 (Medium).​

CVE IDDescriptionAffected VersionsCVSS v3.1ReferencesCVE-2025-13945HTTP3 dissector crash on decryption4.6.0-4.6.1, 4.4.0-4.4.115.5wnpa-sec-2025-07​CVE-2025-13946MEGACO dissector infinite loop4.6.0-4.6.1, 4.4.0-4.4.115.5wnpa-sec-2025-08​

No exploits are recognized, however attackers may induce crashes remotely.​

The replace corrects an API/ABI change from 4.6.1, breaking plugins from 4.6.0. Further fixes cowl Omnipeek file assist, stack buffer overflow in BER dealing with, fuzz-induced crashes, and a base32 perform naming error. Home windows installers now embrace Visible C++ Redistributable 14.44.35112 for higher compatibility.

Up to date dissectors enhance parsing for ATM PW, COSEM, GTP, HTTP3, IEEE 802.15.4, MEGACO, PTP, SMTP, and others. Peektagged seize recordsdata achieve native assist, aiding various community forensics duties. No new protocols added, specializing in reliability.​

Customers ought to improve promptly by way of the Wireshark Obtain web page and confirm plugin compatibility. The Wireshark Basis encourages contributions at wiresharkfoundation.org. This launch bolsters Wireshark’s position in protocol schooling and SharkFest occasions.​

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

Hackers Attacking MongoDB Instances to Delete Database and Add Ransom Note Hackers Attacking MongoDB Instances to Delete Database and Add Ransom Note Cyber Security News
Beware of Weaponized VS Code Extension Named ClawdBot Agent that Deploys ScreenConnect RAT Beware of Weaponized VS Code Extension Named ClawdBot Agent that Deploys ScreenConnect RAT Cyber Security News
Retail Finance Giant SitusAMC Data Breach Exposes Accounting Records and Legal Agreements Retail Finance Giant SitusAMC Data Breach Exposes Accounting Records and Legal Agreements Cyber Security News
Microsoft Removes PowerShell 2.0  from Windows To Clean up Legacy Code Microsoft Removes PowerShell 2.0  from Windows To Clean up Legacy Code Cyber Security News
Hackers Abuse EV Certificates to Sign Completely Undetectable DMG Malware Hackers Abuse EV Certificates to Sign Completely Undetectable DMG Malware Cyber Security News
NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution Cyber Security News