Wireshark 4.6.6 Released With Fix for Dissector Crash via Malformed Packet Injection

HomeCyber Security Wireshark 4.6.6 Released With Fix for Dissector Crash via Malformed Packet Injection By Guru Baran May 25, 2026 The Wireshark Foundation has released Wireshark 4.6.6, addressing a critical security vulnerability in the ROHC (Robust Header Compression) protocol dissector that could allow an attacker to crash the application by injecting a specially crafted, malformed packet. The update also resolves over a dozen stability and compatibility bugs affecting Windows users. The primary security fix targets wnpa-sec-2026-51, a confirmed dissector crash vulnerability tracked under Issue 21243. The flaw resided in Wireshark’s ROHC protocol dissector, a component responsible for parsing compressed IP packet headers. By injecting a malformed packet into a live capture or supplying a crafted .pcap file, a threat actor could trigger an unhandled crash, disrupting network analysis workflows and potentially destabilizing monitoring environments. Additionally, a MACsec dissector global-buffer-overflow (Issue 21235) was resolved, which posed a memory safety risk during packet parsing of IEEE 802.1AE-secured traffic. Both flaws were surface-exposed through fuzz testing campaigns conducted in May 2026. Bug Fixes and Stability Improvements Beyond the security patches, Wireshark 4.6.6 addresses several high-impact bugs: Windows crash under Visual Studio (Work Item 24787) — a development environment regression now resolved Uninitialized memory reads in pntoh16 and find_signature within the VeriWave (vwr) file reader (Issues 16460, 16461) Windows 10 v1809 incompatibility — Wireshark 4.6.5 failed to run on Windows 10 1809, Server 2019, and certain LTSC editions (Issue 21237) Accidental feature removal during upgrades on Windows when optional features weren’t explicitly preserved (Issue 18925) Bloated executable size — Wireshark.exe 4.6.5 was twice the size of 4.6.4 due to a packaging issue (Issue 21233) Two fuzz job crashes from May 2026 capture files (Issues 21240, 21253) This release ships with Npcap 1.88, replacing the previously bundled Npcap 1.87, improving low-level packet capture reliability on Windows. No new protocols were introduced, but updated dissector support covers BACapp, MACsec, ROHC, Kafka, SIP, PFCP, BPv7, and several others. Capture file support updates include JSON and VeriWave formats. On Unix systems, extcap binaries now default to the /usr/libexec/wireshark/extcap directory — a change originally introduced in 4.6.0 but formally documented in this release. Security teams and network analysts using Wireshark in production or monitoring environments should update to version 4.6.6 immediately, particularly given the ROHC dissector crash risk in environments processing untrusted or external packet captures. Downloads are available at wireshark. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Hackers Use Six-Layer Persistence to Maintain Access on Compromised FreePBX Systems Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access Microsoft Edge Stops Loading Saved Passwords Into Memory at Startup Critical SEPPmail Gateway Flaws Allow Remote Code Execution and Mail Traffic Theft Microsoft Releases Mitigation for Windows BitLocker Security Bypass 0-Day Vulnerability Latest News Cyber Security News Top 10 Best Malware Sandbox Tools for Security Teams in 2026 Cyber Security News PyrsistenceSniper – Tool that Detects 117 Persistence Malware Techniques on Windows, Linux, and macOS Cyber Security Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! Cyber Attack News Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks Cyber Security Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos