Wireshark 4.6.2, the latest version of the leading open-source network protocol analyzer, addresses critical crash vulnerabilities and plugin compatibility issues. This maintenance release prioritizes stability for users in troubleshooting and security analysis.
Developers patched two denial-of-service vulnerabilities identified in recent dissectors. The HTTP3 dissector crash (CVE-2025-13945) occurs during decryption of traffic via keylog files or capture files with secrets, potentially triggered by malformed packets.
Similarly, the MEGACO dissector infinite loop (CVE-2025-13946) can cause excessive CPU usage under malformed input. Both affect versions 4.6.0-4.6.1 and 4.4.0-4.4.11, with CVSS v3.1 base scores of 5.5 (Medium).
| CVE ID | Description | Affected Versions | CVSS v3.1 | References |
|---|---|---|---|---|
| CVE-2025-13945 | HTTP3 dissector crash on decryption | 4.6.0-4.6.1, 4.4.0-4.4.11 | 5.5 | wnpa-sec-2025-07 |
| CVE-2025-13946 | MEGACO dissector infinite loop | 4.6.0-4.6.1, 4.4.0-4.4.11 | 5.5 | wnpa-sec-2025-08 |
No exploits are known, but attackers could induce crashes remotely.
The update corrects an API/ABI change from 4.6.1, breaking plugins from 4.6.0. Additional fixes cover Omnipeek file support, stack buffer overflow in BER handling, fuzz-induced crashes, and a base32 function naming error. Windows installers now include Visual C++ Redistributable 14.44.35112 for better compatibility.
Updated dissectors improve parsing for ATM PW, COSEM, GTP, HTTP3, IEEE 802.15.4, MEGACO, PTP, SMTP, and others. Peektagged capture files gain native support, aiding diverse network forensics tasks. No new protocols added, focusing on reliability.
Users should upgrade promptly via the Wireshark Download page and verify plugin compatibility. The Wireshark Foundation encourages contributions at wiresharkfoundation.org. This release bolsters Wireshark’s role in protocol education and SharkFest events.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
