Developers patched two denial-of-service vulnerabilities identified in recent dissectors. The HTTP3 dissector crash (CVE-2025-13945) occurs during decryption of traffic via keylog files or capture files with secrets, potentially triggered by malformed packets.
Similarly, the MEGACO dissector infinite loop (CVE-2025-13946) can cause excessive CPU usage under malformed input. Both affect versions 4.6.0-4.6.1 and 4.4.0-4.4.11, with CVSS v3.1 base scores of 5.5 (Medium).
| CVE ID | Description | Affected Versions | CVSS v3.1 | References |
|---|---|---|---|---|
| CVE-2025-13945 | HTTP3 dissector crash on decryption | 4.6.0-4.6.1, 4.4.0-4.4.11 | 5.5 | wnpa-sec-2025-07 |
| CVE-2025-13946 | MEGACO dissector infinite loop | 4.6.0-4.6.1, 4.4.0-4.4.11 | 5.5 | wnpa-sec-2025-08 |
No exploits are known, but attackers could induce crashes remotely.
The update corrects an API/ABI change from 4.6.1, breaking plugins from 4.6.0. Additional fixes cover Omnipeek file support, stack buffer overflow in BER handling, fuzz-induced crashes, and a base32 function naming error. Windows installers now include Visual C++ Redistributable 14.44.35112 for better compatibility.
Updated dissectors improve parsing for ATM PW, COSEM, GTP, HTTP3, IEEE 802.15.4, MEGACO, PTP, SMTP, and others. Peektagged capture files gain native support, aiding diverse network forensics tasks. No new protocols added, focusing on reliability.
Users should upgrade promptly via the Wireshark Download page and verify plugin compatibility. The Wireshark Foundation encourages contributions at wiresharkfoundation.org. This release bolsters Wireshark’s role in protocol education and SharkFest events.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support appeared first on Cyber Security News.
Threat actor UNG0002 is actively targeting the Chinese education sector with a sophisticated spear-phishing campaign…
A critical heap-based buffer overflow vulnerability has been discovered in NGINX Plus and NGINX Open…
A fully autonomous bug-bounty framework called Pentest Agent Suite has been open-sourced, delivering 50 specialized…
The Wireshark Foundation has released Wireshark 4.6.6, addressing a critical security vulnerability in the ROHC…
Warning: This review contains full spoilers for Rick and Morty Season 9, Episode 1! By…
This website uses cookies.