Wireshark 4.6.7 Fixes Critical Vulnerabilities Allowing Remote Code Execution
Key Takeaways The Wireshark Foundation has released version 4.6.7, a critical security update for its popular network protocol analyzer. This update addresses 12 security advisories (wnpa-sec-2026-52...
Key Takeaways
- The Wireshark Foundation has released version 4.6.7, a critical security update for its popular network protocol analyzer.
- This update addresses 12 security advisories (wnpa-sec-2026-52 through wnpa-sec-2026-63) impacting various dissectors and file parsers.
- Vulnerabilities range from application crashes and excessive processing loops to potential information disclosure.
- While no remote code execution flaws were detailed, these issues can significantly disrupt security investigations and operations.
- Users are strongly advised to upgrade to Wireshark 4.6.7 immediately.
Wireshark Foundation Releases Critical Security Update 4.6.7
The Wireshark Foundation has rolled out Wireshark 4.6.7, a vital security-focused release designed to patch numerous vulnerabilities within its widely used network protocol analyzer. These flaws could lead to application instability, including crashes, hangs, or excessive resource consumption, when the software processes maliciously crafted network packets or capture files.
Table Of Content
Wireshark serves as an indispensable tool for a broad spectrum of cybersecurity professionals, including security researchers, network administrators, software developers, and incident response teams. Its primary function is to meticulously inspect network traffic and diagnose communication issues. Given its capability to parse hundreds of intricate protocols and capture formats, the application is inherently susceptible to vulnerabilities arising from malformed input interacting with its specialized dissectors and file parsers.
Addressing Multiple Security Advisories
The latest release addresses a total of 12 security advisories, identified sequentially from wnpa-sec-2026-52 to wnpa-sec-2026-63. The majority of these vulnerabilities could cause Wireshark to terminate unexpectedly, enter an infinite processing loop, or become unresponsive when analyzing hostile data.
Affected components span a wide range of dissectors, including those for Catapult DCT2000, SSH, IEEE 802.11, Z39.50, UMTS FP, FMP/NOTIFY, and TLS Encrypted Client Hello. Furthermore, critical security fixes have been implemented for the pcapng, BLF, and DBS Etherwatch capture-file parsers, alongside improvements to the Ciscodump external capture utility.
Among the notable vulnerabilities is wnpa-sec-2026-61, which highlights infinite loops in multiple protocol dissectors. Such flaws could be exploited by attackers to exhaust CPU resources, effectively disrupting an analyst’s workflow. Another significant vulnerability exists in the BLF parser, potentially leading to information disclosure if a specially crafted capture file is opened.
The update also resolves a use-after-free condition discovered in the Ethernet POWERLINK dissector, a heap-buffer overflow within the Android Logcat parser, and another heap-buffer-overflow read triggered during the compilation of specific time-based display filters. Additional stability enhancements target memory leaks, improve handling of malformed H.265 packets, fix a heap-corruption crash related to Wireshark’s saved settings, and address several issues identified through rigorous fuzz testing.
These vulnerabilities are particularly critical in operational environments where analysts routinely handle untrusted packet captures, analyze traffic generated by malware, examine suspicious wireless frames, or process files submitted by external parties. In some cases, merely opening or processing a malicious capture file could be sufficient to trigger these flaws. While the advisories do not detail remote code execution capabilities, the potential for application crashes, indefinite hangs, and unintended data exposure can severely impede ongoing investigations and broader security operations.
Beyond Security: Performance and Platform Updates
While Wireshark 4.6.7 does not introduce new protocol support, it brings substantial updates to numerous existing dissectors, including DNS, BACapp, DCERPC, EPL, H.265, IEEE 802.11, SSH, UMTS FP, and Z39.50. Improvements have also been made to the support for Android Logcat, BLF, DBS Etherwatch, Netlog, and pcapng capture files.
On the development front, Windows installation packages are now compiled using Visual Studio 2026. The project also provided clarification regarding a previous change affecting the default external capture (extcap) binary location on Unix-like systems, which may necessitate adjustments for third-party extensions.
The Wireshark project is sustained by the nonprofit Wireshark Foundation, which champions protocol analysis education, official training, certification, and the annual SharkFest developer and user conference. The project’s continued development and its ability to address security concerns across its vast protocol ecosystem are heavily reliant on community contributions and sponsorships.
What You Should Do
- Upgrade Immediately: All users and organizations running affected Wireshark versions should upgrade to version 4.6.7 without delay.
- Exercise Caution with Untrusted Files: Until systems are updated, avoid opening capture files from unknown or untrusted sources.
- Utilize Isolated Environments: When inspecting suspicious network traffic or potentially malicious capture files, perform analysis within isolated virtual machines or sandboxed environments to mitigate risk.
- Review Automated Workflows: Administrators should audit any automated processes that ingest and parse network captures without manual validation, as unattended processing could inadvertently expose vulnerable components.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.