Wireshark 4.6.4 Security Update Fixes Multiple Dissector DoS/Crash Bugs and Restores Plugin Compatibility
The Wireshark Foundation released Wireshark 4.6.4, a maintenance update that patches multiple security flaws in protocol dissectors. Malformed or edge-case traffic could trigger these flaws and cause denial-of-service conditions (e.g., crashes, infinite loops, or resource exhaustion) during packet analysis. Reported fixes address memory exhaustion in the USB HID dissector and crash conditions affecting dissectors such as NTS-KE and RF4CE, which reduces the risk that crafted captures or live traffic could disrupt analyst workflows or automated inspection pipelines.
Wireshark 4.6.4 also addresses additional dissector stability problems, including a crash in the HTTP3 dissector and an infinite loop in the MEGACO dissector, and it resolves a plugin compatibility regression introduced by an API/ABI change in 4.6.1 that impacted plugins built for 4.6.0. Beyond security-related fixes, the release includes stability and performance improvements (including a fix for an “Expert Info” performance issue and various capture-file and toolchain fixes affecting utilities like TShark and editcap), supporting more reliable operation in enterprise monitoring, incident response, and malware analysis environments.
Timeline
Feb 26, 2026
Wireshark 4.6.4 released with security and stability fixes
The Wireshark Foundation released Wireshark 4.6.4 as a maintenance update fixing multiple dissector vulnerabilities and functional bugs. Reported fixes include crash, infinite loop, and memory-exhaustion issues in protocol dissectors, along with performance and stability improvements such as resolving plugin compatibility problems and other parser-related defects.
Feb 26, 2026
Wireshark 4.6.1 introduces plugin compatibility regression
An API/ABI change in Wireshark 4.6.1 caused compatibility problems for plugins built for Wireshark 4.6.0, disrupting expected extension interoperability in the 4.6 stable series. This issue was later addressed in Wireshark 4.6.4.
Related Stories

Wireshark Fixes Critical Code Execution Flaws Triggered by Malformed Packets
Wireshark released version **4.6.5** to remediate more than 40 vulnerabilities, including multiple flaws that could allow **arbitrary code execution** when the tool processes malformed network packets or malicious capture and profile files. The most severe issues were reported in the **TLS dissector**, **SBC codec**, **RDP dissector**, and **profile import** functionality, where crashes may be exploitable for code execution. The release also fixes a broad set of **denial-of-service** bugs across numerous protocol dissectors, several **infinite-loop** conditions that can stall unattended analysis workflows, and decompression-related crashes in **zlib** and **LZ77** handling. Because Wireshark is widely deployed in enterprise security operations, packet analysis, and SIEM-connected environments—sometimes with elevated privileges—the patched version is being treated as a high-priority security update.
2 days ago
Heap Buffer Overflow Flaws Disclosed in wolfSSL DTLS and Wireshark TLS Parsing
Two high-severity memory-corruption vulnerabilities were disclosed in widely used TLS-related software components. **CVE-2026-5264** affects wolfSSL and stems from DTLS 1.3 ACK message processing, where a remote attacker can send a crafted ACK packet to trigger a heap buffer overflow. The flaw is classified as `CWE-122` and is network-reachable with low attack complexity and no privileges or user interaction required, raising concern for applications that expose DTLS 1.3 services. A separate flaw, **CVE-2026-5402**, was disclosed in Wireshark’s TLS protocol dissector and affects versions `4.6.0` through `4.6.4`. The vulnerability is also a heap-based buffer overflow (`CWE-122`) and could allow denial of service and possible code execution when malicious traffic is processed, with the CVSS vector indicating high impact to confidentiality, integrity, and availability. Public references point to a wolfSSL GitHub pull request for the DTLS issue and to a GitLab issue and official Wireshark security advisory for the dissector flaw.
3 days ago
OpenSSL Releases Patch Multiple CVEs Across Supported Branches
The OpenSSL Project released updated versions across multiple supported branches to fix a set of security flaws in the SSL/TLS toolkit, with **OpenSSL 3.6.2** carrying the broadest set of patches. The updates address issues including incorrect failure handling in RSA KEM `RSASVE` encapsulation, an out-of-bounds read in `AES-CFB-128` on x86-64 systems with `AVX-512` support, a potential use-after-free in DANE client code, several `NULL` pointer dereference bugs, and a heap buffer overflow in hexadecimal conversion. OpenSSL said the most severe issue in the release was rated **Moderate**. Additional releases — **3.5.6, 3.4.5, 3.3.7, 3.0.20, 1.1.1zg, and 1.0.2zp** — also shipped with security fixes and minor bug corrections, though older branches received smaller subsets of the patches. The 3.6.2 release also repaired two regressions introduced in 3.6.0 affecting `X509_V_FLAG_CRL_CHECK_ALL` behavior and stapled OCSP response handling that could trigger handshake failures. Administrators running **OpenSSL 3.6.x** on x86-64 systems with `AVX-512` enabled were specifically urged to prioritize the `AES-CFB-128` fix because of memory-read exposure.
3 weeks ago