Wireshark 4.6.6 Released With Fix for Dissector Crash via Malformed Packet Injection

The Wireshark Foundation has released Wireshark 4.6.6, addressing a critical security vulnerability in the ROHC (Robust Header Compression) protocol dissector that could allow an attacker to crash the application by injecting a specially crafted, malformed packet. The update also resolves over a dozen stability and compatibility bugs affecting Windows users.

The primary security fix targets wnpa-sec-2026-51, a confirmed dissector crash vulnerability tracked under Issue 21243. The flaw resided in Wireshark’s ROHC protocol dissector, a component responsible for parsing compressed IP packet headers.

By injecting a malformed packet into a live capture or supplying a crafted .pcap file, a threat actor could trigger an unhandled crash, disrupting network analysis workflows and potentially destabilizing monitoring environments.

Additionally, a global buffer overflow in the MACsec dissector (Issue 21235), which posed a memory safety risk during parsing of IEEE 802.1AE-secured traffic, was resolved. Both flaws were surfaced through fuzz testing campaigns conducted in May 2026.

Bug Fixes and Stability Improvements

Beyond the security patches, Wireshark 4.6.6 addresses several high-impact bugs:

  • Windows crash under Visual Studio (Work Item 24787) — a development environment regression now resolved
  • Uninitialized memory reads in pntoh16 and find_signature within the VeriWave (vwr) file reader (Issues 16460, 16461)
  • Windows 10 v1809 incompatibility — Wireshark 4.6.5 failed to run on Windows 10 1809, Server 2019, and certain LTSC editions (Issue 21237)
  • Accidental feature removal during upgrades on Windows when optional features weren’t explicitly preserved (Issue 18925)
  • Bloated executable size: Wireshark.exe 4.6.5 was twice the size of 4.6.4 due to a packaging issue (Issue 21233)
  • Two fuzz job crashes from May 2026 capture files (Issues 21240, 21253)

This release ships with Npcap 1.88, replacing the previously bundled Npcap 1.87, improving low-level packet capture reliability on Windows. No new protocols were introduced, but updated dissector support covers BACapp, MACsec, ROHC, Kafka, SIP, PFCP, BPv7, and several others. Capture file support updates include JSON and VeriWave formats.

On Unix systems, extcap binaries now default to the /usr/libexec/wireshark/extcap directory — a change originally introduced in 4.6.0 but formally documented in this release.

Security teams and network analysts using Wireshark in production or monitoring environments should update to version 4.6.6 immediately, particularly given the ROHC dissector crash risk in environments processing untrusted or external packet captures. Downloads are available at wireshark.

The post Wireshark 4.6.6 Released With Fix for Dissector Crash via Malformed Packet Injection appeared first on Cyber Security News.

