Wireshark 4.6.3 Patches Dissector and Parser Crashes Triggered by Malformed Traffic

CyberDefender 4 mins0

The Wireshark team has released version 4.6.3 of its widely used open-source network protocol analyzer. This release is primarily a maintenance update, delivering a mix of bug fixes, stability improvements, expanded protocol and capture support, and several important security vulnerability fixes.

What’s New in Wireshark 4.6.3

Bug Fixes and Stability Improvements

Wireshark 4.6.3 addresses a range of general issues aimed at improving overall reliability and performance. These fixes include:

  • Resolving build-related problems on certain platforms
  • Improving the handling and parsing of specific protocol fields
  • Enhancing stability in key areas such as IEEE 802.11 packet parsing and RTP player control

Updated Protocol and Capture Support

This release also brings updates and refinements to protocol and capture file support. Several protocols have received improvements, including HTTP/3, DHCP, QUIC, IEEE 802.11, and others.

Key Security Fixes — Vulnerabilities Patched

Wireshark 4.6.3 fixes multiple security vulnerabilities that could allow attackers to crash the application or trigger denial-of-service conditions when Wireshark processes malformed or malicious packet captures. These issues were disclosed through official Wireshark security advisories.

Security Issues Addressed

The following vulnerabilities, tracked under advisories wnpa-sec-2026-XX, are resolved in this release:

  • BLF File Parser Crash
    A flaw in the BLF (Binary Logging Format) file parser could be exploited using specially crafted capture files, resulting in an application crash.
  • IEEE 802.11 Protocol Dissector Crash
    Malformed Wi-Fi (802.11) frames could cause the protocol dissector to crash.
  • SOME/IP-SD Protocol Dissector Crash
    Improper handling of SOME/IP-SD protocol packets could lead to a crash during packet analysis.
  • HTTP/3 Dissector Infinite Loop
    A logic error in the HTTP/3 dissector could cause Wireshark to enter an infinite loop, potentially hanging the application or consuming excessive CPU resources when processing malformed HTTP/3 traffic.

Why These Fixes Matter

These vulnerabilities are particularly important for:

  • Security analysts and network engineers who analyze capture files from external or untrusted sources
  • Automated systems and tools that batch-process packet captures
  • Any operational environment where application crashes or hangs could interrupt investigations or workflows

Upgrade Recommendation

Users running Wireshark 4.6.0, 4.6.1, or 4.6.2 are strongly encouraged to upgrade to version 4.6.3 or later to address these stability and security concerns.

Official installers and source code are available from the Wireshark project website.

CyberDefender