Wireshark Foundation has released version 4.4.4 of its popular network protocol analyzer, addressing a critical vulnerability (CVE-2025-1492) that could allow attackers to trigger denial-of-service (DoS) conditions. The flaw, affecting Wireshark versions 4.4.0 through 4.4.3 and 4.2.0 through 4.2.10, resides in the Bundle Protocol and CBOR dissectors. When specially crafted network traffic was processed, the vulnerability caused crashes, infinite loops, and memory leaks, leading to potential disruptions in network diagnostics and monitoring. This issue received a high severity rating of 7.8 on the CVSS v3.1 scale and was discovered through automated fuzz testing.
The new release aims to mitigate the risks of this vulnerability by addressing the flaw in the dissectors that decode network traffic.
Successful exploitation of this vulnerability could severely impact network forensics and intrusion detection, particularly in enterprise environments. The release not only fixes the critical flaw but also resolves 13 other bugs, including issues related to interface regressions, DNS query handling, and JA4 fingerprint inaccuracies. Wireshark emphasized the importance of updating immediately to avoid potential exploitation from malformed packet injection.
As part of their ongoing commitment to secure their protocol analysis tools, Wireshark’s maintainers urged users to upgrade to version 4.4.4 and validate capture files from untrusted sources. In addition to the fix for CVE-2025-1492, the release also includes enhanced stability for dissector modules, ensuring that edge-case vulnerabilities, such as those that have impacted Bluetooth and Radiotap in the past, are less likely to cause disruptions. The Wireshark Foundation recommended network segmentation and proper firewalls to further mitigate exposure to malicious traffic during the update process.
Wireshark continues to be an essential tool for network professionals, with over 80% of enterprises relying on it for traffic analysis. Despite facing challenges with architectural changes and bug fixes, such as the migration to Lua 5.4 and compatibility risks with zlib-ng, the Wireshark Foundation remains committed to improving the security and functionality of its software. The release of version 4.4.4 follows a series of security advisories in 2024, showcasing Wireshark’s proactive approach to addressing potential vulnerabilities and ensuring its continued role in network security.
