The Wireshark Foundation has released a crucial update for its popular network protocol analyzer, patching two vulnerabilities that allowed attackers to crash the application simply by sending a malicious packet.
The newly released Wireshark 4.6.1 addresses flaws in the Bundle Protocol v7 (BPv7) and Kafka dissectors, both capable of triggering denial-of-service (DoS) conditions. By injecting a malformed packet—either during live packet capture or through a crafted trace file—attackers could force Wireshark to crash.
Two High-Risk Dissector Bugs Patched
Security advisories issued by the foundation highlight the following vulnerabilities:
| Advisory ID | Component | Issue | Impact | Affected Versions | Fixed In |
|---|---|---|---|---|---|
| wnpa-sec-2025-05 | BPv7 Dissector | Null Pointer Dereference | DoS | 4.6.0 | 4.6.1 |
| wnpa-sec-2025-06 | Kafka Dissector | Memory Corruption | DoS | 4.6.0, 4.4.0–4.4.10 | 4.6.1, 4.4.11 |
While no active exploitation has been observed, the vulnerabilities pose a significant risk for SOC teams, cybersecurity analysts, and network engineers who run Wireshark in real-time monitoring environments.
Additional Fixes Improve Stability and Protocol Accuracy
Along with security patches, Wireshark 4.6.1 includes numerous fixes that enhance reliability and protocol handling:
Key Bug Fixes:
- L2CAP dissector now properly handles retransmission mode.
- DNS HIP dissector corrected a labeling error involving PK algorithms.
- Fixed multiple crashes, including TShark issues caused by Lua plugins.
- Improved TLS Abbreviated Handshake handling.
- Restored support for Omnipeek files, broken in version 4.6.0.
- Corrected QUIC decoding for UDP Port 853 (DoQ).
- Resolved UI freeze when selecting certain packets.
- Addressed LZ4 output write failures and plugin build conflicts.
The release notes carry the full list of fixed issue IDs, ranging from TCP dissector fixes to WebSocket parsing corrections, all of which further strengthen Wireshark's stability across complex network environments.
Users Urged to Update Immediately
Network admins, SOC teams, and cybersecurity professionals are advised to update to Wireshark 4.6.1 or 4.4.11 without delay.
The update is now available through:
- The official Wireshark website
- Linux/Unix distribution package managers
Failing to update leaves systems vulnerable to targeted DoS attacks through malicious packet injection.
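To find which capture hosts still run an affected build, the version ranges from the advisory table can be checked against each host's `tshark --version` or `wireshark --version` banner. The following is an added example, not code from the Wireshark project; the host names and banner strings are constructed, and the banner layout is an assumption based on typical version output.

```python
import re

# Affected ranges (first, last, fixed_in), inclusive, transcribed from the table above.
# Versions outside these ranges are reported as not affected by these two advisories only.
ADVISORIES = {
    "wnpa-sec-2025-05 (BPv7 dissector)": [((4, 6, 0), (4, 6, 0), "4.6.1")],
    "wnpa-sec-2025-06 (Kafka dissector)": [((4, 6, 0), (4, 6, 0), "4.6.1"),
                                           ((4, 4, 0), (4, 4, 10), "4.4.11")],
}

# First x.y.z in a banner such as "TShark (Wireshark) 4.6.0 (v4.6.0-...)".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")

def parse_version(banner):
    """Return (major, minor, patch) from version output, or None if absent."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None

def check(banner):
    """Map one version banner to {advisory: release that fixes it}."""
    version = parse_version(banner)
    if version is None:
        raise ValueError(f"no version found in {banner!r}")
    return {adv: fixed for adv, ranges in ADVISORIES.items()
            for first, last, fixed in ranges if first <= version <= last}

def audit(inventory):
    """Return {host: findings} for hosts that are affected or could not be parsed."""
    report = {}
    for host, banner in inventory.items():
        try:
            hits = check(banner)
        except ValueError:
            hits = {"unparsed": "verify manually"}
        if hits:
            report[host] = hits
    return report

# Constructed sample inventory: host names and banners are made up for illustration.
SAMPLE = {
    "soc-sensor-01": "TShark (Wireshark) 4.6.0 (v4.6.0-0-gconstructed).",
    "soc-sensor-02": "TShark (Wireshark) 4.4.10",
    "analyst-ws-07": "Wireshark 4.6.1",
    "legacy-box-09": "tshark: command not found",
}

if __name__ == "__main__":
    for host, hits in audit(SAMPLE).items():
        print(host, hits)
```

Hosts whose banner cannot be parsed are reported rather than silently skipped, so a missing or broken install is not mistaken for a patched one.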

