If your network toolkit depends on Wireshark — and chances are it does — a critical new security update demands your immediate attention. Wireshark, the world's most widely used open-source network protocol analyzer, has released a major security update addressing over 40 vulnerabilities, several of which enable arbitrary code execution through malformed packet injection or malicious capture files. The tool trusted to keep networks safe has itself become a target, and the scope of this disclosure is unlike anything the project has seen in recent memory.
The most alarming findings center on four components where crashes can escalate into full code execution: the TLS dissector, the SBC audio codec, the RDP dissector, and the profile import function were all found susceptible to crashes with possible code execution. These vulnerabilities are particularly dangerous because Wireshark is routinely run with elevated privileges in enterprise and SOC environments, so successful exploitation could grant attackers significant system access. Beyond the RCE risks, dozens of additional dissectors covering protocols from SMB2 and HTTP to ZigBee and IEEE 802.11 are vulnerable to denial-of-service crashes and infinite loops. An attacker on the same network segment can trigger these crashes by injecting specially crafted packets, requiring no authentication or prior access to the target system.
The breadth of this patch is a wake-up call for anyone treating Wireshark as a passive, read-only tool. The Wireshark team notes that this batch of fixes was partly attributed to AI-assisted vulnerability reporting, which accelerated discovery across many protocol modules simultaneously. The fix is straightforward: users are strongly advised to update to Wireshark 4.6.5 immediately, and organizations running Wireshark in live capture or SIEM-integrated modes should treat this update as a critical priority, given the code execution potential in TLS, RDP, and SBC components. Don't let the tool you use to catch threats become the threat itself.
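A quick way to confirm the remediation above across a fleet is to parse the `-v` banner of the installed `tshark`/`wireshark` binaries and compare it against the 4.6.5 fix release. The script below is an added example, not code from the article or from the Wireshark project; the sample banner it embeds is constructed, and the binary names and output format are assumptions based on standard Wireshark installs.

```python
"""Report whether locally installed Wireshark/TShark binaries are at or past 4.6.5."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Fix release named in the advisory summary. Builds on older release branches
# (e.g. 4.4.x) compare as unpatched here, which is the conservative answer; check
# the project's advisory for that branch's own fix release if you track one.
FIXED_VERSION = (4, 6, 5)

# Constructed sample of the first line printed by `tshark -v` (not captured from
# a real system); the real banner has the same "<name> (Wireshark) X.Y.Z" shape.
SAMPLE_OUTPUT = "TShark (Wireshark) 4.6.4 (v4.6.4-0-gabcdef123456).\n\nCopyright 1998-2025 ..."

def parse_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Return the first major.minor.patch triple in a -v banner, or None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]

def is_patched(version: Optional[Tuple[int, int, int]],
               fixed: Tuple[int, int, int] = FIXED_VERSION) -> bool:
    """Tuple comparison orders (4, 6, 12) above (4, 6, 5), unlike a string compare."""
    return version is not None and version >= fixed

def check_binary(name: str) -> dict:
    """Run `<name> -v` if the binary is on PATH and report its patch status.

    Caveat: some distributions backport security fixes without bumping the
    upstream version string, so an 'unpatched' result here should be confirmed
    against the distribution's own advisory before raising a ticket.
    """
    path = shutil.which(name)
    if path is None:
        return {"binary": name, "installed": False, "version": None, "patched": None}
    proc = subprocess.run([path, "-v"], capture_output=True, text=True, timeout=10)
    version = parse_version(proc.stdout)
    return {"binary": name, "installed": True, "version": version,
            "patched": is_patched(version)}

if __name__ == "__main__":
    for binary in ("tshark", "wireshark", "dumpcap"):
        print(check_binary(binary))
```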
https://cybersecuritynews.com/wireshark-vulnerabilities-code-execution/