Friday, April 24, 2026

Wireshark 4.6.1 Addresses Multiple Vulnerabilities That Could Cause Application Crashes

Wireshark, the leading open-source network protocol analyzer, released version 4.6.1 on November 19, 2025, to fix two security flaws in its dissectors that could cause the application to crash when processing malformed packets.

These issues, tracked as WNPA-SEC-2025-05 and WNPA-SEC-2025-06, affect the BPv7 and Kafka protocol dissectors, respectively, potentially leading to denial-of-service (DoS) for users analyzing network traffic.

The update also resolves dozens of other bugs to improve stability during troubleshooting, development, and educational tasks.

Key Security Fixes

The BPv7 dissector crash (WNPA-SEC-2025-05, Issue #20770) affects Wireshark 4.6.0 and is triggered when dissecting Bundle Protocol version 7 packets used in space communications.

Attackers could inject malformed packets on a monitored network or trick users into loading crafted pcap files, causing null pointer dereferences or memory errors that halt analysis sessions.

No exploits are known yet, as the flaw was discovered during internal fuzzing tests.

A similar Kafka dissector issue (WNPA-SEC-2025-06, Issue #20823, possibly CVE-2025-13499) impacts Wireshark 4.6.0 and 4.4.0 through 4.4.10.

It leads to memory corruption during Apache Kafka message parsing, which is common in streaming data setups, and is again reachable via malformed packets or crafted trace files.

Vendors like Tenable have plugins to detect vulnerable installs on Windows and macOS.

| Advisory | Dissector | Type | Affected Versions | Fixed In | Issue |
|---|---|---|---|---|---|
| WNPA-SEC-2025-05 | BPv7 | Crash (Null Deref) | 4.6.0 | 4.6.1 | #20770 |
| WNPA-SEC-2025-06 | Kafka | Crash (Mem Corruption) | 4.6.0, 4.4.0-4.4.10 | 4.6.1, 4.4.11 | #20823 |
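
To triage an analyst fleet against the affected ranges in the table above, the following added example (not part of the original article or of Wireshark) maps version banners to the advisories that apply. The hostnames, banner strings and function names are constructed for illustration; the banner layout is an assumption about what an inventory tool collected.

```python
import re

# Affected ranges (inclusive) and fixed releases, copied from the advisory table above.
ADVISORIES = {
    "WNPA-SEC-2025-05": [((4, 6, 0), (4, 6, 0), "4.6.1")],            # BPv7
    "WNPA-SEC-2025-06": [((4, 6, 0), (4, 6, 0), "4.6.1"),             # Kafka
                         ((4, 4, 0), (4, 4, 10), "4.4.11")],
}

def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def affected_by(version):
    """List (advisory, fixed_in) pairs that apply to a version tuple."""
    hits = []
    for advisory, ranges in ADVISORIES.items():
        for low, high, fixed_in in ranges:
            # Tuple comparison is numeric per component, so 4.4.10 sorts above
            # 4.4.9; comparing the raw strings would get that wrong.
            if low <= version <= high:
                hits.append((advisory, fixed_in))
    return hits

def triage(inventory):
    """Map host -> findings; hosts with unreadable banners are reported as 'unknown'."""
    report = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        report[host] = "unknown" if version is None else affected_by(version)
    return report

# Constructed inventory: hostnames and banners are made up for this example.
SAMPLE_INVENTORY = {
    "soc-ws-01": "TShark (Wireshark) 4.6.0 (v4.6.0-0-g0000000).",
    "soc-ws-02": "Wireshark 4.4.10",
    "lab-mac-03": "Wireshark 4.4.11",
    "dev-vm-04": "TShark (Wireshark) 4.6.1.",
    "kiosk-05": "tshark: command not found",
}

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_INVENTORY).items():
        print(host, findings or "not affected")
```

Versions outside the ranges listed in the table are reported as not affected, since the article names no other affected releases.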

Bug Fixes and Recommendations

Beyond security, Wireshark 4.6.1 patches crashes in TShark from Lua plugins, stalls on message selection, and LZ4 file write failures.

It fixes L2CAP retransmission handling (Issue #2241), DNS HIP labeling errors, TCP diagram bugs, and adds QUIC decoding for UDP port 853. Protocol support updates cover 802.11, HTTP3, SMB, SNMP, and more.

Users should upgrade immediately via the download page at wireshark.org/download.html, especially SOC analysts who rely on live captures.

Linux packages are available through distro repos. The Wireshark Foundation urges contributions to sustain development.

Varshini
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.
