Wireshark 4.6.1 Update: Critical Vulnerabilities Patched to Prevent DoS Attacks
The Wireshark Foundation has released version 4.6.1 of its widely used network protocol analyzer, addressing critical vulnerabilities that could lead to denial-of-service (DoS) attacks. These flaws, found in the Bundle Protocol version 7 (BPv7) and Kafka dissectors, could allow attackers to crash the application by injecting malicious data into network streams or trace files.
Dissector Vulnerabilities Leading to DoS
Security researchers identified significant issues in how Wireshark processes certain network protocols. The BPv7 dissector contained a NULL pointer dereference vulnerability (wnpa-sec-2025-05) affecting version 4.6.0. Similarly, the Kafka dissector had a memory corruption flaw (wnpa-sec-2025-06) impacting versions 4.6.0 and 4.4.0 through 4.4.10.
In both cases, attackers could exploit these vulnerabilities by injecting malformed packets into a network monitored by Wireshark or by persuading users to open compromised packet trace files. Although these issues were discovered during internal testing and no active exploits have been reported, the potential for disruption is significant for security operations centers and network administrators relying on Wireshark for continuous monitoring.
Additional Fixes and Enhancements
Beyond the primary security patches, version 4.6.1 includes several stability improvements:
– L2CAP Dissector: Corrected logic to properly interpret retransmission modes.
– DNS HIP Dissector: Fixed labeling errors where the PK algorithm was incorrectly identified as HIT length.
– TShark: Resolved crashes caused by Lua plugins.
– File I/O: Addressed failures when writing to LZ4-compressed output files.
– Build System: Fixed conflicts between endian.h and libc during plugin builds.
– TLS Dissector: Corrected handling of TLS Abbreviated Handshakes using New Session Tickets.
– WebSocket: Fixed issues where custom WebSocket dissectors failed to run.
– DCERPC Dissector: Resolved bugs triggered by WINREG QueryValue.
– UI Performance: Fixed application stalls when selecting specific messages.
Recommendations for Users
Users are strongly advised to upgrade to Wireshark version 4.6.1 to mitigate these vulnerabilities and benefit from the latest fixes. The update is available for Windows, macOS, and Linux through the official Wireshark website and package managers.
To further enhance security, users should:
– Verify Capture Files: Ensure the integrity of packet capture files before opening them in Wireshark.
– Limit Capture Operations: Restrict network packet capture to trusted sources.
– Implement Network Segmentation: Reduce exposure by segmenting networks appropriately.
By promptly updating to version 4.6.1 and following these best practices, organizations can maintain the reliability and security of their network analysis operations.
