
This update addresses denial-of-service (DoS) risks and crashes in key protocol dissectors, making it essential for security analysts, network engineers, and developers handling untrusted capture files or live traffic.
The release, maintained by the nonprofit Wireshark Foundation, fixes three newly disclosed CVEs that could crash the tool or exhaust resources when dissecting malformed packets.
These flaws primarily affect dissectors for USB HID, RF4CE Profile, and NTS-KE protocols, potentially disrupting analysis workflows in enterprise, telecom, or forensic environments.
Beyond security, it resolves operational bugs like Npcap startup issues on hardened Windows systems and crashes in TShark/editcap with BLF files.
Key CVE Details
| CVE ID | Affected Component | Description | Impact | Severity (CVSS) | Fixed in Version |
|---|---|---|---|---|---|
| CVE-2026-3201 | USB HID dissector | Improperly controlled sequential memory allocation during crafted USB HID traffic parsing. | Memory exhaustion, DoS | High (7.5) | 4.6.4 |
| CVE-2026-3202 | NTS-KE dissector | NULL pointer dereference when handling malformed Network Time Security key establishment traffic. | Application crash, DoS | High (7.5) | 4.6.4 |
| CVE-2026-3203 | RF4CE Profile dissector | Crash triggered during packet dissection of malformed RF4CE traffic. | Application crash, loss of analysis session | Medium (6.5) | 4.6.4 |
CVE-2026-3201 in the USB HID dissector arises from unbounded memory allocations when processing specially crafted packets, leading to exhaustion and DoS.
Attackers could trigger it by delivering a malicious pcap file, for example through a phishing campaign or from an infected device, scenarios that routinely arise in red-team exercises and incident response.
CVE-2026-3202 involves a NULL pointer dereference in NTS-KE, crashing Wireshark on malformed key exchange payloads. This affects time-sensitive network monitoring, such as in IoT or secure NTP deployments.
The third flaw, CVE-2026-3203, hits the RF4CE Profile dissector used for Zigbee-like wireless protocols, causing segmentation faults during dissection. While it does not enable remote code execution, it halts sessions, risking data loss in live captures.
Operational enhancements include fixing Wireshark’s failure to launch under Npcap’s admin-only mode, vital for locked-down Windows endpoints.
TShark and editcap now handle BLF (Binary Logging Format) files without segfaults, stabilizing automated pipelines in CI/CD or SIEM integrations.
Performance tweaks address quadratic slowdowns in Expert Info, IKEv2 decoding failures for EMERGENCY_CALL_NUMBERS, and TDS dissector desyncs. Capture support improves for BLF, pcapng, and TTL formats, bolstering fuzzing resistance.
Updated protocols span Art-Net, BGP, IEEE 802.11, IPv6, ISAKMP, MySQL, NAS-5GS, Socks, USB HID, and Zigbee clusters, ensuring compatibility with modern traces.
Security teams should upgrade immediately to 4.6.4, available via the official download page. Linux users can pull updates through distro packages (e.g., `apt update && apt upgrade wireshark`). Verify integrity with provided checksums.
In high-risk setups, restrict Wireshark to sandboxed environments for untrusted files, enable ASLR/DEP, and monitor for anomalous memory usage. The Wireshark Foundation urges reporting issues via their bug tracker.
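To act on the upgrade and checksum advice above across many hosts, here is an added example (not from the article or the Wireshark project) in Python: it parses the first line printed by `tshark -v` or `wireshark -v` (banner shapes are assumed), flags any install below 4.6.4, the only fixed version the release notes name, and verifies a downloaded artifact against a sha256sum-style checksum line, refusing a digest published for a different filename.

```python
import hashlib
import hmac
import re
import shutil
import subprocess

# 4.6.4 is the fixed version the release notes name for CVE-2026-3201,
# CVE-2026-3202 and CVE-2026-3203; anything older (or unparseable) is flagged.
FIXED_VERSION = (4, 6, 4)

# Assumed banner shapes (first line of `tshark -v` / `wireshark -v`):
# 'TShark (Wireshark) 4.6.3 (v4.6.3-0-g...)' and 'Wireshark 4.6.3 (v4.6.3-0-g...)'.
_BANNER = re.compile(r"(?:TShark \(Wireshark\)|Wireshark)\s+(\d+)\.(\d+)\.(\d+)")

def parse_version(banner: str):
    """Return (major, minor, patch) from a -v banner, or None if unrecognised."""
    m = _BANNER.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None

def needs_upgrade(banner: str) -> bool:
    """True when the banner is unparseable or reports a version below 4.6.4."""
    v = parse_version(banner)
    return v is None or v < FIXED_VERSION

def installed_banner(tool: str = "tshark") -> str:
    """Run `<tool> -v` and return its first output line ('' if the tool is absent)."""
    if shutil.which(tool) is None:
        return ""
    out = subprocess.run([tool, "-v"], capture_output=True, text=True, check=False)
    return out.stdout.splitlines()[0] if out.stdout else ""

def sha256_matches(data: bytes, checksum_line: str, filename: str) -> bool:
    """Check downloaded bytes against a sha256sum-style line '<hex>  <name>'.
    The filename must match as well, so a checksum published for one artifact
    is never accepted for another; the digest comparison is constant-time."""
    expected, _, name = checksum_line.strip().partition("  ")
    if name.strip() != filename:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected.lower())

if __name__ == "__main__":
    banner = installed_banner()
    print(banner or "tshark not found on PATH")
    print("upgrade to 4.6.4 required" if needs_upgrade(banner) else "at or above 4.6.4")
```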
This release underscores the need for timely patching in protocol analysis tools, as dissectors remain prime targets for fuzz-derived exploits.
The post Wireshark 4.6.4 Released With Patches for Multiple Security Vulnerabilities appeared first on Cyber Security News.
