Wireshark Fixes Critical Code Execution Flaws Triggered by Malformed Packets

Tags: widely-deployed-product-advisory, endpoint-software-vulnerability, detection-content-update
Updated May 1, 2026 at 06:05 AM (2 sources)

Wireshark released version 4.6.5 to remediate more than 40 vulnerabilities, including multiple flaws that could allow arbitrary code execution when the tool processes malformed network packets or malicious capture and profile files. The most severe issues were reported in the TLS dissector, SBC codec, RDP dissector, and profile import functionality, where crashes may be exploitable for code execution.

The release also fixes a broad set of denial-of-service bugs across numerous protocol dissectors, several infinite-loop conditions that can stall unattended analysis workflows, and decompression-related crashes in zlib and LZ77 handling. Because Wireshark is widely deployed in enterprise security operations, packet analysis, and SIEM-connected environments—sometimes with elevated privileges—the patched version is being treated as a high-priority security update.
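Since the page's remediation is a single fixed release (4.6.5) and the affected tooling often runs unattended in SIEM-connected pipelines, the practical check is an inventory script that parses the `--version` banner of each installed Wireshark/TShark binary and flags anything older than the fixed release. The example below is added here and is not part of the advisory or of the Wireshark project; the banner strings in `SAMPLE_BANNERS` are constructed for the demo, and the only version it knows about is the 4.6.5 fix named on this page (whether other stable branches received their own backported fix is an assumption this script does not make; it simply treats everything below 4.6.5 as needing review).

```python
import re
import subprocess
from typing import Optional, Tuple

# Release named on the advisory as the fix for the >40 vulnerabilities.
FIXED_VERSION: Tuple[int, int, int] = (4, 6, 5)

# Leading "major.minor.patch" of a banner such as
#   "TShark (Wireshark) 4.6.4 (v4.6.4-0-g...)"   or   "Wireshark 4.6.5 (...)"
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample banners (not captured from real installations).
SAMPLE_BANNERS = {
    "analyst-vm":   "TShark (Wireshark) 4.6.4 (v4.6.4-0-gdeadbeef)\n\nCopyright 1998-2026 Gerald Combs",
    "sensor-01":    "Wireshark 4.6.5 (v4.6.5-0-g0123456)",
    "legacy-box":   "TShark (Wireshark) 3.6.2 (Git v3.6.2 packaged as 3.6.2-2)",
    "broken-host":  "tshark: error while loading shared libraries",
}


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from the first line of a --version banner, or None."""
    stripped = banner.strip()
    first_line = stripped.splitlines()[0] if stripped else ""
    m = _VERSION_RE.search(first_line)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def needs_update(version: Tuple[int, int, int], fixed: Tuple[int, int, int] = FIXED_VERSION) -> bool:
    """True when the installed version predates the fixed release.

    Tuple comparison is deliberate: a string compare would rank 4.6.10 below 4.6.5.
    """
    return version < fixed


def assess(banner: str, fixed: Tuple[int, int, int] = FIXED_VERSION) -> str:
    """Classify one banner as 'ok', 'vulnerable' or 'unknown' with a short reason."""
    v = parse_version(banner)
    if v is None:
        return "unknown: could not parse a version from the banner"
    have = ".".join(map(str, v))
    want = ".".join(map(str, fixed))
    if needs_update(v, fixed):
        return f"vulnerable: {have} is older than fixed release {want}, update required"
    return f"ok: {have} is at or above fixed release {want}"


def installed_version(binary: str = "tshark") -> Optional[Tuple[int, int, int]]:
    """Run `<binary> --version` on this host and parse it; None if the tool is absent."""
    try:
        proc = subprocess.run([binary, "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return parse_version(proc.stdout)


if __name__ == "__main__":
    # Offline demo over the constructed banners, then a best-effort live check.
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host:12s} {assess(banner)}")
    live = installed_version()
    print("local tshark:", "not installed" if live is None else ".".join(map(str, live)))
```

Run it under the account that actually launches Wireshark or TShark in your pipeline, since that is the binary whose version matters; a desktop build and a capture-sensor build on the same host can differ.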

Timeline

  1. May 1, 2026

    Wireshark 4.6.5 released to fix over 40 vulnerabilities

    Wireshark released version 4.6.5 to address more than 40 security flaws, including vulnerabilities that could allow arbitrary code execution via malformed packets or malicious capture/profile files. The fixes also covered numerous denial-of-service issues, infinite-loop bugs, and decompression-related crashes affecting multiple protocol dissectors and engine components.

Related Stories

Wireshark 4.6.4 Security Update Fixes Multiple Dissector DoS/Crash Bugs and Restores Plugin Compatibility

The Wireshark Foundation released **Wireshark 4.6.4**, a maintenance update that patches multiple security flaws in protocol dissectors that could be triggered by malformed or edge-case traffic to cause **denial-of-service conditions** (e.g., crashes, infinite loops, or resource exhaustion) during packet analysis. Reported fixes include issues leading to **memory exhaustion** in the USB HID dissector and crash conditions affecting dissectors such as **NTS-KE** and **RF4CE**, reducing the risk that crafted captures or live traffic could disrupt analyst workflows or automated inspection pipelines. Wireshark 4.6.4 also addresses additional dissector stability problems, including a **crash in the HTTP3 dissector** and an **infinite loop in the MEGACO dissector**, and it resolves a **plugin compatibility** regression introduced by an API/ABI change in 4.6.1 that impacted plugins built for 4.6.0. Beyond security-related fixes, the release includes stability and performance improvements (including an “Expert Info” performance issue and various capture-file and toolchain fixes affecting utilities like *TShark* and *editcap*), supporting more reliable operation in enterprise monitoring, incident response, and malware analysis environments.

1 month ago
Heap Buffer Overflow Flaws Disclosed in wolfSSL DTLS and Wireshark TLS Parsing

Two high-severity memory-corruption vulnerabilities were disclosed in widely used TLS-related software components. **CVE-2026-5264** affects wolfSSL and stems from DTLS 1.3 ACK message processing, where a remote attacker can send a crafted ACK packet to trigger a heap buffer overflow. The flaw is classified as `CWE-122` and is network-reachable with low attack complexity and no privileges or user interaction required, raising concern for applications that expose DTLS 1.3 services. A separate flaw, **CVE-2026-5402**, was disclosed in Wireshark’s TLS protocol dissector and affects versions `4.6.0` through `4.6.4`. The vulnerability is also a heap-based buffer overflow (`CWE-122`) and could allow denial of service and possible code execution when malicious traffic is processed, with the CVSS vector indicating high impact to confidentiality, integrity, and availability. Public references point to a wolfSSL GitHub pull request for the DTLS issue and to a GitLab issue and official Wireshark security advisory for the dissector flaw.

3 days ago
Microsoft fixes exploited SharePoint flaw in massive Patch Tuesday release

Microsoft released fixes for **165 vulnerabilities** across Windows, Office, SharePoint, Defender, SQL Server, Azure, .NET, and other products in one of its largest Patch Tuesday updates on record. The most urgent issue was **CVE-2026-32201**, an **actively exploited** improper input validation flaw in **SharePoint Server** that enables unauthenticated network-based spoofing and was immediately added to **CISA's Known Exploited Vulnerabilities** catalog. Microsoft also patched **CVE-2026-33825**, a publicly known **Microsoft Defender** privilege-escalation bug with proof-of-concept code, and **CVE-2026-33824**, a critical **remote code execution** flaw in **Windows IKE Service Extensions** affecting IPsec/VPN infrastructure. Researchers flagged **CVE-2026-33827** in **Windows TCP/IP** as potentially **wormable** under certain IPv6 and IPSec configurations. Other high-impact fixes include **CVE-2026-33120**, a **SQL Server remote code execution** flaw that paired with a separate privilege escalation bug (**CVE-2026-32176**) could enable full server compromise, and **CVE-2026-32220**, a **UEFI Secure Boot bypass** that could allow untrusted code to load during the boot process. The release also addressed elevation of privilege flaws across Desktop Window Manager, WinSock, TDI Translation Driver, Windows Push Notifications, Function Discovery Service, WSUS, Remote Desktop Licensing, Azure Monitor Agent, and Windows kernel components; security feature bypasses in Windows Hello, PowerShell, BitLocker, and Windows Shell; information disclosure bugs in Windows GDI, Print Spooler, Web Account Manager, UPnP Device Host, and the Windows kernel; and denial-of-service issues in .NET/Visual Studio and Windows RDBSS. Cumulative updates for Windows Server 2022 and 23H2 bundled security hardening for Kerberos, RDP, Secure Boot, and WDS, with Microsoft warning that Secure Boot certificates begin expiring in June 2026.

2 weeks ago