The Wireshark Foundation has officially released Wireshark 4.6.4, a significant maintenance update for the world’s most popular network protocol analyzer.
This release addresses multiple security vulnerabilities and resolves various functional bugs that could impact stability and performance.
Network administrators, security analysts, and developers rely on Wireshark for troubleshooting and education.
This update is particularly critical because it fixes flaws that could expose users to Denial-of-Service (DoS) attacks via specific protocol dissectors.
The 4.6.4 release resolves three specific security issues identified in previous versions. These vulnerabilities involve memory exhaustion and crash loops in protocol dissectors, the components Wireshark uses to decode network traffic.
| Vulnerability / Issue | Description |
|---|---|
| USB HID Dissector Memory Exhaustion | Malformed USB HID packets could cause excessive memory usage, leading to crashes or instability. |
| NTS-KE Dissector Crash | Specific Network Time Security Key Establishment traffic patterns could cause analyzer crashes. |
| RF4CE Profile Dissector Crash | Stability issue fixed to prevent crashes when analyzing RF4CE (Radio Frequency for Consumer Electronics) traffic. |
Key Bug Fixes and Performance Improvements
Beyond security patches, Wireshark 4.6.4 delivers important stability fixes.
A notable performance issue regarding “Expert Info” has been resolved; previously, this feature suffered from quadratic performance degradation, becoming significantly slower as data volume increased.
Additional technical fixes include:
| Category | Fix / Improvement |
|---|---|
| TShark Stability | Fixed segmentation faults in TShark and editcap when the output format is set to BLF. |
| Capture File Integrity | Corrected Wiretap writing of invalid PCAPNG Darwin option blocks and custom string options. |
| Dissector Corrections | Resolved TDS desynchronization and fixed RDM status decoding in the Art-Net PollReply dissector. |
| Fuzzing Crashes | Fixed crash discovered during Zigbee Direct Tunneling fuzz testing. |
While no new protocols were introduced in this release, support for a wide array of existing protocols has been updated to ensure accurate decoding.
Updated protocols include Art-Net, BGP, IEEE 802.11, IPv6, MySQL, NAS-5GS, and Socks. Capture file support has also been improved for BLF and pcapng formats.
Users are advised to update to Wireshark 4.6.4 immediately to ensure their analysis environment is secure and stable. The latest version can be downloaded directly from the Wireshark Foundation website.


