Wireshark 4.6.6 Resolves ROHC Parser and Buffer Overflow Vulnerabilities

The Cyber Express
May 25, 2026

Why It Matters

By fixing remote‑code‑execution vectors and Windows instability, Wireshark 4.6.6 safeguards critical network‑forensic workflows and reduces downtime for security teams handling untrusted traffic.

Key Takeaways

  • Wireshark 4.6.6 patches ROHC dissector crash vulnerability (wnpa-sec-2026-51)
  • MACsec parser fixed to prevent global buffer overflow
  • Windows compatibility issues resolved for Visual Studio and Windows 10 1809
  • Npcap upgraded to version 1.88, enhancing capture reliability on Windows
  • New dissector updates added for BACapp, Kafka, SIP, PFCP, BPv7

Pulse Analysis

Wireshark remains the de facto standard for packet capture and analysis across enterprises, telecom operators, and incident‑response teams. The 4.6.6 release arrives after a focused fuzz‑testing campaign that uncovered two high‑severity flaws: a malformed‑packet trigger that could crash the ROHC dissector and a buffer overflow in the MACsec parser. Both vulnerabilities posed a direct threat to environments that ingest untrusted traffic, potentially halting forensic investigations or automated monitoring pipelines.

The ROHC issue, tracked as wnpa-sec-2026-51, allowed attackers to inject crafted packets that forced the dissector to abort, effectively denying analysts access to critical network data. Similarly, the MACsec overflow could corrupt memory while decoding encrypted IEEE 802.1AE frames, opening a path to arbitrary code execution on the analysis host. By patching these flaws, Wireshark not only restores confidence in live capture scenarios but also aligns with broader industry moves toward hardened network toolchains.

Beyond security, version 4.6.6 delivers a suite of stability enhancements for Windows users, including fixes for Visual Studio crashes and compatibility with Windows 10 1809 and Server 2019. The bundled Npcap 1.88 driver improves low‑level packet capture reliability, while updated dissectors for BACapp, Kafka, SIP, PFCP and BPv7 broaden protocol visibility. For organizations that rely on continuous network monitoring, these upgrades translate into fewer interruptions, smoother upgrade paths, and a more resilient analysis platform.
