Wireshark has released version 4.6.74.6.74.6.7, addressing 121212 security flaws across protocol dissectors, capture-file parsers, and its external capture interface.
The update resolves issues affecting SSH, TLS Encrypted Client Hello (ECH), IEEE 802.11802.11802.11 Wi-Fi traffic, and pcapng capture files, among other protocols and formats.
Wireshark is widely used by network administrators, security researchers, incident responders, and developers to capture and inspect network traffic. Because the tool processes untrusted packets and packet-capture files, parser flaws can be particularly relevant in environments where analysts open captures obtained from external sources.
Wireshark 4.6.7 Released
The patched vulnerabilities are tracked through Wireshark Network Security Advisories, or WNPA advisories. Most of the issues could cause Wireshark to crash while dissecting specially crafted data, posing a denial-of-service risk to analysts and automated packet-processing workflows.
Notable fixes in Wireshark 4.6.74.6.74.6.7 include:
- wnpa-sec-2026-53: A crash in the pcapng file parser, affecting the widely used next-generation packet-capture format.
- wnpa-sec-2026-55: A crash in the SSH dissector, which parses Secure Shell traffic.
- wnpa-sec-2026-56: A crash during TLS ECH decryption, affecting analysis of modern TLS traffic using Encrypted Client Hello.
- wnpa-sec-2026-57: A crash in the IEEE 802.11802.11802.11 dissector used to decode Wi-Fi traffic.
- wnpa-sec-2026-60: An information disclosure issue in the BLF file parser.
- wnpa-sec-2026-61: Multiple infinite-loop vulnerabilities in protocol dissectors, which could consume CPU resources and render the application unresponsive.
Other fixes address crashes involving the Catapult DCT2000 dissector, FMP/NOTIFY, Z39.50, UMTS FP, DBS Etherwatch capture files, and the Ciscodump extcap component.
An attacker could potentially exploit these conditions by persuading a target to open a malicious packet capture or by supplying malformed network traffic to an actively capturing Wireshark instance. The release notes do not describe remote code execution, but crashes, hangs, and data exposure can still disrupt forensic workflows and analysis infrastructure.
Additional Reliability Fixes
Beyond the security advisories, Wireshark 4.6.74.6.74.6.7 corrects several stability and parsing defects. These include a use-after-free condition in the Ethernet POWERLINK dissector, heap-buffer-overflow issues in the Android Logcat parser and display-filter time parsing, memory leaks, UTF-888 fuzzing failures, and a heap-corruption crash related to saved configuration data.
The release also fixes incorrect protocol identification for certain IPv6 ping traffic. It resolves H.265 dissector behavior that could incorrectly flag valid packets as malformed.
Updated protocol support covers SSH, TLS-related components, IEEE 802.11802.11802.11, DNS, DCERPC, BACapp, Catapult DCT2000, FMP/NOTIFY, H.265, UMTS FP, and Z39.50. Capture-file handling updates include Android Logcat, BLF, DBS Etherwatch, Netlog, and pcapng.
For Windows users, the Wireshark 4.6.74.6.74.6.7 installers are now built using Visual Studio 202620262026.
The project also reiterated an earlier UNIX packaging change: extcap helper binaries are searched under the libexec directory by default, such as /usr/libexec/wireshark/extcap. Third-party extcap package maintainers may need to adjust installations accordingly. However, the path can be overridden through the WIRESHARK_EXTCAP_DIR environment variable.
Organizations and analysts should upgrade to Wireshark 4.6.74.6.74.6.7 promptly, particularly if they routinely inspect untrusted pcapng files, Wi-Fi captures, encrypted TLS sessions, or SSH traffic.
Interact with Cyber Threats in Windows, Linux, macOS VMs to Trigger Full Attack Chain - Analyse Malware & Phishing with ANY RUN

