Wireshark 4.6.4 Released to Patch Multiple Security Vulnerabilities


Wireshark has released version 4.6.4, delivering security and stability fixes that address several denial‑of‑service risks and multiple crashes in protocol dissectors and tools.

The update is recommended for all users, especially analysts working with untrusted capture files or live traffic from diverse protocols and devices.

Wireshark is a widely used network protocol analyzer that helps security teams, developers, and network engineers capture and inspect packet data in real time or from saved traces.

It is maintained by the nonprofit Wireshark Foundation, which also runs SharkFest conferences and offers official Wireshark training and certification for professionals who rely on protocol analysis in their daily work.

The 4.6.4 release fixes three newly disclosed security issues in protocol dissectors. CVE‑2026‑3201 affects the USB HID dissector, where improperly controlled sequential memory allocation can cause memory exhaustion and lead to a denial‑of‑service condition when parsing crafted USB HID traffic or capture files.

A third issue impacts the RF4CE Profile dissector and can also trigger a crash during packet dissection, resulting in potential loss of analysis work and interruption of capture sessions.


Beyond security advisories, 4.6.4 resolves several operational bugs that affect both Wireshark and its companion tools.

A long‑standing problem where Wireshark would not start when Npcap was configured to restrict driver access only to administrators has been fixed, restoring expected capture behavior on hardened Windows deployments.

Crashes and segmentation faults in TShark and editcap when working with BLF output have been addressed, reducing the risk of pipeline failures in scripted or automated analysis workflows.

Performance and decoding issues, such as quadratic slowdowns in Expert Info, failure to decode IKEv2 EMERGENCY_CALL_NUMBERS payloads, and desynchronization in the TDS dissector, have also been corrected to improve reliability in complex enterprise and telecom traces.

CVE‑2026‑3202 covers a NULL pointer dereference in the NTS‑KE dissector, which can crash Wireshark while handling malformed Network Time Security key establishment traffic.

The release does not introduce new protocol families but updates support for a wide range of existing ones, including Art‑Net, BGP, IEEE 802.11, IPv6, ISAKMP, MySQL, NAS‑5GS, NTS‑KE, Socks, USB HID, and several Zigbee‑related protocols.

Capture file handling has been improved for BLF, pcapng, and TTL formats, hardening Wireshark against malformed or fuzzed input that previously caused crashes or malformed‑packet errors.

Security teams, network operators, and developers are advised to upgrade to Wireshark 4.6.4 or the latest stable branch offered by their operating system vendor, particularly in environments where analysts open third‑party capture files or monitor untrusted networks.

Installation packages and source code are available from the official download page, while many Linux and Unix platforms provide updated builds via their native package managers.
