Wireshark 4.6.6 is now available as a maintenance update, including a security fix that prevents a crash in the ROHC (Robust Header Compression) protocol dissector, used to compress packet headers in some networks.
In addition to the security fix, Wireshark 4.6.6 addresses several bugs from the last release. These include a crash when running Wireshark with Visual Studio on Windows, uninitialized memory reads in the VeriWave reader, a global buffer overflow in the MACsec dissector, and two issues found through fuzz testing with malformed packets.
On top of that, this release brings several important fixes for Windows users. Wireshark 4.6.6 now keeps existing optional features during upgrades, so users no longer need to reselect them. It also fixes a problem where Wireshark 4.6.5 would not run on Windows 10 version 1809, Server 2019, and some LTSC versions.
Another change for Windows is the update to Npcap 1.88 in the official installers, replacing version 1.87. Npcap is the packet capture driver for Wireshark on Windows, so this update affects users who install or upgrade Wireshark using the Windows packages.
While Wireshark 4.6.6 does not add any new protocols, it updates support for several existing ones. These include BACapp, BPv7, DB/IB GDS DB, Kafka, MACsec, PFCP, RF4CE, ROHC, RTPS-VT, SAPHDB, and SIP. Support for JSON and VeriWave capture files has also been improved.
For Unix-like systems, the release notes mention a plugin change that started in Wireshark 4.6.0. By default, extcap binaries are now found in the libexec directory, like /usr/libexec/wireshark/extcap, instead of places like /usr/lib64/wireshark/extcap. You can still change this path using the WIRESHARK_EXTCAP_DIR environment variable.
For additional details, see the announcement. Wireshark 4.6.6 is available from the project’s download page.
