The Wireshark Foundation has officially released Wireshark 4.6.3, the latest update to the world’s most popular network protocol analyzer.
This release is critical for network administrators, security analysts, and developers, as it addresses multiple security vulnerabilities that could lead to denial-of-service (DoS) conditions through dissector and parser crashes.
Given Wireshark’s widespread use in troubleshooting, software development, and educational contexts, these stability fixes are essential for maintaining reliable network visibility.
Wireshark is a cornerstone tool for inspecting network traffic, but its complex parsing engines can sometimes be susceptible to malformed packets.
The 4.6.3 update specifically targets flaws where crafted packets could trigger infinite loops or crash the application, effectively blinding a security team during an analysis session.
Security Vulnerabilities Fixed
The primary focus of this release is the remediation of four specific vulnerabilities identified in the dissector and parser modules. These flaws allow attackers to disrupt Wireshark operations by injecting malformed data into a network stream or capture file.
The following table details the security issues resolved in version 4.6.3:
| Vulnerability ID | Component | Issue Type | Reference |
|---|---|---|---|
| wnpa-sec-2026-01 | BLF File Parser | Application Crash | Issue 20880 |
| wnpa-sec-2026-02 | IEEE 802.11 Dissector | Dissector Crash | Issue 20939 |
| wnpa-sec-2026-03 | SOME/IP-SD Dissector | Dissector Crash | Issue 20945 |
| wnpa-sec-2026-04 | HTTP3 Dissector | Infinite Loop | Issue 20944 |
The most notable among these is the HTTP3 dissector infinite loop (wnpa-sec-2026-04). Infinite loops are particularly dangerous in automated monitoring environments, as they can consume excessive CPU resources, rendering the analysis machine unresponsive.
Similarly, the crashes in the IEEE 802.11 (Wi-Fi) and SOME/IP-SD modules highlight the risks associated with analyzing wireless and automotive service-oriented protocols.
Bug Fixes and Stability
Beyond security patches, Wireshark 4.6.3 includes several functional improvements and bug fixes that enhance the user experience across different platforms.
- Solaris Build Fix: A compilation error affecting Wireshark 4.6.0 on Solaris systems (related to
pcapio.c) has been resolved, restoring compatibility for users on that infrastructure. - RTP Player: A frustrating bug where RTP player streams could not be stopped has been fixed, allowing for smoother analysis of VoIP traffic.
- Data Parsing Errors: Issues with missing data in HomePlug messages and incorrect parsing of IEEE 802.11 QoS fields when A-MSDU is present have been corrected.
- MaxMind DB: A crash occurring when switching profiles with MaxMind DB enabled or disabled has been patched.
As with every release, the Wireshark development team has updated support for a wide array of protocols to ensure accurate decoding of modern network traffic. New or updated support is available for:
- Core Protocols: DHCP, SSH, HTTP3, and QUIC.
- Telecommunications: LTE RRC, NAS-5GS, and H.248.
- Industrial/IoT: HomePlug AV, SOME/IP-SD, and IEEE 802.11.
Additionally, capture file support has been improved for 3GPP TS 32.423 Trace, BLF, NetScreen, and Viavi Observer formats.
Wireshark is maintained by the Wireshark Foundation, a nonprofit dedicated to promoting protocol analysis education. The project relies on community contributions to sustain its development.
Professionals looking to deepen their expertise can attend SharkFest, the official developer and user conference, or pursue the Wireshark Certified Analyst credential.
Users are strongly advised to upgrade to Wireshark 4.6.3 immediately to mitigate the risks associated with the patched vulnerabilities. The installer and source code are available on the official Wireshark download page.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
