Wireshark 4.6.7 Addresses 12 Critical Security Vulnerabilities

www.news4hackers.com-wireshark-4-6-7-addresses-12-critical-security-vulnerabilities-wireshark-4-6-7-addresses-12-critical-security-vulnerabilities

Wireshark 4.6.7 addresses multiple vulnerabilities impacting protocol analysis capabilities.

Security Vulnerabilities Addressed

Users analyzing network traffic with Wireshark may inadvertently process malicious data through various protocol parsers, creating opportunities for exploitation. The 4.6.7 update resolves 12 critical security issues across the software’s parsing components. These fixes span multiple protocol dissectors and file format handlers, addressing risks associated with malformed network packets and capture files. The majority of the resolved vulnerabilities involve memory corruption scenarios. Exploitation could occur when processing crafted packets or capture files, leading to buffer overflows or memory access violations that terminate the application.

Affected components include parsers for cellular signaling protocols, secure shell communications, wireless network traffic, and document retrieval systems. Specific vulnerable dissectors include Catapult DCT2000, SSH, IEEE 802.11, Z39.50, and UMTS FP protocols. Additional issues impact the pcapng file reader and DBS Etherwatch file parser. Other vulnerabilities employ alternative exploitation methods. The FMP/NOTIFY dissector contains a flaw that could cause excessive resource consumption through infinite loop execution. A separate advisory consolidates multiple dissectors susceptible to similar loop-based attacks. The BLF file parser contains a vulnerability allowing unauthorized access to memory regions beyond intended boundaries. Additional issues affect the TLS ECH decryption module and the Ciscodump extcap utility, both of which could crash under specific conditions.

Non-Security Improvements

Non-security improvements in this release include 16 bug fixes. A critical fix addresses a use-after-free error in the Ethernet POWERLINK dissector triggered during profile loading failures. Another resolves a heap-buffer-overflow in the Android Logcat parser. Additional updates correct minor issues such as incorrect language interface displays when system settings use Dutch localization, misidentified IPv6 ping traffic as HiPerConTracer protocol, and improper handling of HEVC video packets due to unadjusted bit offsets. A heap corruption vulnerability affecting recent file loading has also been resolved.

Windows Build Environment Changes

The update introduces changes to the Windows build environment, transitioning to Visual Studio 2026. While no new protocol dissectors are added, existing ones receive updates for DNS, DCERPC, SSH, IEEE 802.11, MEGACO, and H.265 protocols.

File Handling Improvements

File handling improvements focus on Android Logcat, BLF, DBS Etherwatch, Netlog, and pcapng formats.

Extcap Helper Binary Locations

The release also clarifies extcap helper binary locations. On Unix systems, these tools are now defaulting to the libexec directory, a standard location for auxiliary binaries. This change aligns with existing bundled tools but may require adjustments for third-party extcaps. The WIRESHARK_EXTCAP_DIR environment variable allows customization of this path. Distributions lacking libexec directories, such as Alpine Linux, retain previous configurations.

Documentation and Protocol Refinements

The update includes documentation improvements for plugin developers regarding extcap implementation details. No new protocol support is introduced, but existing protocol analysis capabilities receive ongoing refinements to enhance accuracy and stability.



About Author

en_USEnglish