Wireshark 4.4.4 Released: Critical DoS Vulnerability Patched

CVE-2025-1492: DoS Vulnerability in Bundle Protocol and CBOR Dissector

The update resolves CVE-2025-1492, a flaw in the Bundle Protocol and CBOR dissectors that caused crashes, infinite loops, and memory leaks when processing specially crafted network traffic. This vulnerability scored 7.8 (High) on the CVSS v3.1 scale and affected Wireshark versions 4.4.0 through 4.4.3 and 4.2.0 through 4.2.10.

Attackers exploiting this vulnerability could disrupt network troubleshooting, analysis, and monitoring by overwhelming systems with malformed packets. The flaw resides in how Wireshark’s dissectors parse Bundle Protocol (used in delay-tolerant networking) and CBOR (Concise Binary Object Representation) data structures.

Additional Bug Fixes in Wireshark 4.4.4

In addition to addressing CVE-2025-1492, Wireshark 4.4.4 also resolves 13 other bugs, including:

• Interface regressions
• DNS query handling errors
• JA4 fingerprint inaccuracies

These fixes enhance the stability and reliability of Wireshark, ensuring more accurate network analysis and diagnostics.

Recommendations for Users

Users are urged to upgrade to Wireshark 4.4.4 immediately to mitigate the risk of exploitation. The vulnerability requires no authentication or user interaction beyond packet injection, making it a feasible attack vector in both local and remotely accessible networks.

Wireshark’s maintainers emphasized the importance of updating all instances, noting, “Malicious packet injection remains a persistent threat to network analysis tools. This patch reinforces dissector stability to prevent exploitation of edge-case scenarios.” The foundation also recommended validating capture files from untrusted sources and employing network segmentation to limit exposure to malicious traffic.

Wireshark 4.4.4 is available for Windows, macOS, and Linux via the official website and package managers. Organizations using automated deployment tools should prioritize this update, while security teams should monitor for anomalous packet patterns indicative of exploitation attempts.