The development team behind the world's favorite open-source network analyzer has officially rolled out Wireshark 4.6.7. While the highly anticipated Wireshark 4.8 is still cooking in the background, this new maintenance update provides a crucial shield for network administrators and cybersecurity pros alike.
Arriving roughly a month and a half after version 4.6.6, this release focuses heavily on mitigating high-risk memory vulnerabilities and refining existing protocol behavior. If you regularly deal with deep-dive packet inspection, this is one update you shouldn't ignore.
Under the Hood: Resolving 12 Critical Security Flaws
The core highlight of Wireshark 4.6.7 is its aggressive approach to security. When performing packet capture analysis, handling untrusted data can expose your system to unexpected behavior. This update successfully patches a dozen weak points that could lead to crashes or system exploits.
The majority of these patches fix severe memory corruption bugs. Specifically, malformed packets or crafted trace files could force certain protocol dissectors to read past allocated memory or trigger invalid memory access, causing the entire application to terminate abruptly.
The security overhaul brings essential stability updates to several key areas:
- Dissector Adjustments: Critical crash fixes have been applied to the SSH, IEEE 802.11 (wireless), Catapult DCT2000, Z39.50, and UMTS FP protocol dissectors.
-
File Parser Stabilization: Both the standard
pcapngfile reader and the DBS Etherwatch file parser received structural safety fixes to prevent unexpected termination when opening malicious capture files. - Alternative Exploitation Patches: The update addresses a resource-draining loop bug within the FMP/NOTIFY dissector, handles multiple protocol dissector infinite loops, and patches an information disclosure vulnerability in the BLF file parser that could accidentally leak out-of-bounds data into decoded output.
Resolving Stability Bugs and Daily Annoyances
Beyond the headlining security fixes, the Wireshark 4.6.7 maintenance cycle corrects 16 non-security bugs to smooth out the daily workflow for everyday users.
A standout fix addresses a troublesome use-after-free vulnerability inside the Ethernet POWERLINK (EPL) dissector, which commonly reared its head during profile-loading failures. Furthermore, developers have knocked out a heap-buffer-overflow bug hidden within the Android Logcat parser and resolved several unexpected memory leaks.
This update also ironed out a few everyday visual and parsing quirks:
- The IPv6 Ping Misidentification: A bug causing standard IPv6 pings from Debian-based systems to be wrongly decoded as "HiPerConTracer" traffic has been completely resolved.
- HEVC Video Dissection: The H.265 (HEVC) video dissector previously flagged valid packets as malformed due to an improper bit offset calculation, a behavior that is now fixed.
-
Recent File Loading Crashes: The team resolved a
frustrating
HEAP_CORRUPTIONerror that would instantly crash the app when loading the last savedrecent_commonconfiguration file.
Updated Protocol Rosters and Toolchain Improvements
While this point release doesn't introduce brand-new protocols, it
updates compatibility and parsing accuracy for a long list of existing ones.
Heavy hitters like
DNS, DCERPC, MEGACO, eDonkey, and BACapp have all received
crucial maintenance adjustments to minimize parsing errors. File format
handling has also seen iterative refinements across Android Logcat, BLF, DBS
Etherwatch, Netlog, and pcapng formats.
Windows developers will also note a shift under the hood, as Windows installers are now built utilizing the updated Visual Studio 2026 environment.
Additionally, the
release notes
formally document a Unix-specific structural shift originally introduced
back in version 4.6.0. On Unix-like systems, Wireshark now defaults to
searching for
extcap helper binaries within the libexec directory
(e.g., /usr/libexec/wireshark/extcap). Third-party plugin
developers may need to review their packaging directories to maintain
seamless compatibility.
How to Get Wireshark 4.6.7
Ready to upgrade your network analysis tool? The latest stable binaries are available right now.
You can download official macOS and Windows installers directly from the official Wireshark website. Linux users can either wait for the update to hit their distribution’s stable software repositories or instantly grab the containerized sandbox version by updating the Flatpak app via Flathub.
Keeping your analysis environment updated is the single best way to ensure your network auditing remains both accurate and secure against crafted payloads.

Comments
Post a Comment