Friday, May 23, 2025
HomeComputer SecurityWireshark 2.6.6 & 2.4.12 Released With Fix For Vulnerabilities that Results in...

Wireshark 2.6.6 & 2.4.12 Released With Fix For Vulnerabilities that Results in Crash by Injecting a Malformed Packet

Published on

SIEM as a Service

Follow Us on Google News

The New version of Wireshark released with the fix for vulnerabilities, number of bugs and with updated protocols support.

Wireshark is the most popular network protocol analyzer used for analyzing network packets by organizations and individuals worldwide.

With The new versions of Wireshark come with the fix for security vulnerabilities that could crash the dissector. The dissector is to decode and analyze its part of the protocol. Users requested to Upgrade to Wireshark 2.6.6 & 2.4.12 or later.

- Advertisement - Google News

Also you can check the Master in Wireshark Network Analysis course that gives hands-on experience for troubleshooting networks using Wireshark.

Wireshark 2.6.6 & 2.4.12

Following are the vulnerabilities fixed with Wireshark 2.6.6.

CVE-2019-5716 – 6LoWPAN dissector crash

CVE-2019-5717 – P_MUL dissector could crash

CVE-2019-5718 – RTSE dissector and other ASN.1 dissectors could crash

CVE-2019-5719 – ISAKMP dissector crash

Wireshark bug 14470 – ENIP protocol dissector could crash

These vulnerabilities can be exploited by an attacker by injecting a Malformed Packet and by convincing the users to read the malformed packet trace file.

Bugs Fixed

Along with the security update muliple bugs fixed.

  • console.lua not found in a folder with non-ASCII characters in its name. Bug 15118.
  • Disabling Update list of packets in real time. will generally trigger crash after three start capture, stop capture cycles. Bug 15263.
  • UDP Multicast Stream double counts. Bug 15271.
  • text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB. Bug 15292.
  • Builds without libpcap fail if the libpcap headers aren’t installed. Bug 15317.
  • TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message. Bug 15350.
  • macOS DMG appears to have duplicate files. Bug 15361.
  • Wireshark jumps behind other windows when opening UAT dialogs. Bug 15366.
  • Pathnames containing non-ASCII characters are mangled in error dialogs on Windows. Bug 15367.
  • Executing -z http,stat -r file.pcapng throws a segmentation fault. Bug 15369.
  • IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58. Bug 15372.
  • In DNS statistics, response times > 1 sec not included. Bug 15382.
  • GTPv2 APN dissect problem. Bug 15383.

Also the new version includes updated protocol support for following protocols 6LoWPAN, ANSI MAP, DNP3, DNS, GSM A, GTP, GTPv2, IMF, ISAKMP, ISObus VT, Kerberos, P_MUL, RTSE, S7COMM, and TCAP.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Wireshark 2.6.5 Released With Fixes for Number of Vulnerabilities that Could Crash the Wireshark

Multiple Wireshark DOS Vulnerabilities Allows a Remote Attacker to Crash Vulnerable Installations

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Operation Endgame Crushes DanaBot Malware, Shuts Down 150 C2 Servers and Halts 1,000 Daily Attacks

Operation Endgame II has delivered a devastating strike against DanaBot, a notorious malware that...

Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges

Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU...

Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate

A massive data leak from the LockBit ransomware group, published on its hijacked leak...

ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+ Brands, Turns Them into Honeypots

A sophisticated cyber threat actor, dubbed ViciousTrap by Sekoia.io's Threat Detection & Research (TDR)...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges

Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU...

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet...

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used...