Wireshark, the leading open-source network protocol analyzer, released version 4.6.1 on November 19, 2025, to fix two security flaws in its dissectors that could cause the application to crash when processing malformed packets.
These issues, tracked as WNPA-SEC-2025-05 and WNPA-SEC-2025-06, affect the BPv7 and Kafka protocol dissectors, respectively, potentially leading to denial-of-service (DoS) for users analyzing network traffic.
The update also resolves dozens of other bugs to improve stability during troubleshooting, development, and educational tasks.
The BPv7 dissector crash (WNPA-SEC-2025-05, Issue #20770) affects Wireshark 4.6.0 and is triggered when dissecting Bundle Protocol version 7 packets, which are used in space communications.
Attackers could inject malformed packets on a monitored network or trick users into loading crafted pcap files, causing null pointer dereferences or memory errors that halt analysis sessions.
No exploits are known yet, as the flaw was discovered during internal fuzzing tests.
A similar Kafka dissector issue (WNPA-SEC-2025-06, Issue #20823, possibly CVE-2025-13499) impacts Wireshark 4.6.0 and 4.4.0 through 4.4.10.
It leads to memory corruption while parsing Apache Kafka messages, which are common in streaming data setups, again via malformed packets or trace files.
Vendors like Tenable have plugins to detect vulnerable installs on Windows and macOS.
| Advisory | Dissector | Type | Affected Versions | Fixed In | Issue |
|---|---|---|---|---|---|
| WNPA-SEC-2025-05 | BPv7 | Crash (Null Deref) | 4.6.0 | 4.6.1 | #20770 |
| WNPA-SEC-2025-06 | Kafka | Crash (Mem Corruption) | 4.6.0, 4.4.0-4.4.10 | 4.6.1, 4.4.11 | #20823 |
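To triage a fleet against the table above, the following added example (not code from Wireshark or from this article) matches version banners against the affected ranges. It assumes the banner is the first line of `tshark --version` or `wireshark --version` output; the host names and banners are constructed samples.

```python
import re

# Affected ranges and fixed releases, copied from the advisory table above.
# Each range is (lowest affected, highest affected), inclusive.
ADVISORIES = {
    "WNPA-SEC-2025-05": ("BPv7", [((4, 6, 0), (4, 6, 0))]),
    "WNPA-SEC-2025-06": ("Kafka", [((4, 6, 0), (4, 6, 0)),
                                   ((4, 4, 0), (4, 4, 10))]),
}
FIXED = {(4, 6): "4.6.1", (4, 4): "4.4.11"}  # fixed release per branch

# Assumed banner shape: "TShark (Wireshark) 4.6.0 (v4.6.0-0-g...)."
VERSION_RE = re.compile(r"\b(?:TShark|Wireshark)\b.*?(\d+)\.(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None

def assess(banner):
    """Return [(advisory, dissector, fixed_version)] for this build.

    An empty list means the version is outside the ranges in the table,
    not that the build has been independently verified as safe.
    """
    ver = parse_version(banner)
    if ver is None:
        raise ValueError(f"no Wireshark version found in {banner!r}")
    hits = []
    for advisory, (dissector, ranges) in ADVISORIES.items():
        if any(lo <= ver <= hi for lo, hi in ranges):
            hits.append((advisory, dissector, FIXED[ver[:2]]))
    return hits

def triage(inventory):
    """Map host -> advisories; hosts with no matching advisory are omitted."""
    return {host: hits for host, banner in inventory.items()
            if (hits := assess(banner))}

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "soc-sensor-01": "TShark (Wireshark) 4.6.0 (v4.6.0-0-g0000000).",
    "analyst-mac-02": "Wireshark 4.4.10 (v4.4.10-0-g0000000).",
    "lab-linux-03": "TShark (Wireshark) 4.6.1.",
}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_INVENTORY).items():
        for advisory, dissector, fixed in hits:
            print(f"{host}: {advisory} ({dissector}) -> upgrade to {fixed}")
```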
Beyond security, Wireshark 4.6.1 patches crashes in TShark from Lua plugins, stalls on message selection, and LZ4 file write failures.
It fixes L2CAP retransmission handling (Issue #2241), DNS HIP labeling errors, TCP diagram bugs, and adds QUIC decoding for UDP port 853. Protocol support updates cover 802.11, HTTP3, SMB, SNMP, and more.
Users should upgrade immediately via the download page at wireshark.org/download.html, especially SOC analysts who rely on live captures.
Linux packages are available through distro repos. The Wireshark Foundation urges contributions to sustain development.