Wireshark 4.6.5

What's new in this version:

Fixed:
- This release fixes quite a few vulnerabilities. This is due to to a recent trend in AI-assisted vulnerability reports.
- wnpa-sec-2026-08 Monero dissector crash
- wnpa-sec-2026-09 BT-DHT dissector crash
- wnpa-sec-2026-10 FC-SWILS dissector crash
- wnpa-sec-2026-11 SMB2 dissector infinite loop
- wnpa-sec-2026-12 ICMPv6 dissector crash
- wnpa-sec-2026-13 AFP dissector crash
- wnpa-sec-2026-14 TLS dissector crash and possible code execution
- wnpa-sec-2026-15 K12 RF5 file parser crash
- wnpa-sec-2026-16 SBC codec crash and possible code execution
- wnpa-sec-2026-17 RDP dissector crash and possible code execution
- wnpa-sec-2026-18 AMR-NB codec crash
- wnpa-sec-2026-19 SDP dissector crash
- wnpa-sec-2026-20 iLBC audio codec crash
- wnpa-sec-2026-21 Profile import crash and possible code execution
- wnpa-sec-2026-22 DCP-ETSI protocol dissector crash
- wnpa-sec-2026-23 BEEP protocol dissector crash
- wnpa-sec-2026-24 ZigBee protocol dissector crash
- wnpa-sec-2026-25 DLMS/COSEM protcol dissector infinite loop
- wnpa-sec-2026-26 Dissection engine zlib decompression crash
- wnpa-sec-2026-27 USB HID protocol dissector infinite loop
- wnpa-sec-2026-28 Dissection engine LZ77 decompression crash
- wnpa-sec-2026-29 Kismet protocol dissector crash
- wnpa-sec-2026-30 SANE protocol dissector infinite loop
- wnpa-sec-2026-31 DCP-ETSI protocol dissector crash
- wnpa-sec-2026-32 iLBC audio codec crash
- wnpa-sec-2026-33 TLS dissector infinite loop
- wnpa-sec-2026-34 ASN.1 PER protocol dissector crash
- wnpa-sec-2026-35 RTSP protocol dissector crash
- wnpa-sec-2026-36 IEEE 802.11 protocol dissector crash
- wnpa-sec-2026-37 MySQL protocol dissector crash
- wnpa-sec-2026-38 GNW protocol dissector infinite loop
- wnpa-sec-2026-39 OpenFlow v5 protocol dissector infinite loops
- wnpa-sec-2026-40 OpenFlow v6 protocol dissector infinite loop
- wnpa-sec-2026-41 MBIM dissector infinite loop
- wnpa-sec-2026-42 RPKI-Router protocol dissector infinite loop
- wnpa-sec-2026-43 GSM RP protocol dissector crash
- wnpa-sec-2026-44 WebSocket protocol dissector crash
- wnpa-sec-2026-45 SMB2 protocol dissector crash
- wnpa-sec-2026-46 HTTP protocol dissector crash
- wnpa-sec-2026-47 Sharkd utility memory leak
- wnpa-sec-2026-48 Sharkd utility crash
- wnpa-sec-2026-49 Sharkd utility crash
- wnpa-sec-2026-50 UDS protocol dissector infinite loop

The following bugs have been fixed:
- WSUG: Enabled Protocols dialog needs an update
- Build failure with Qt 6.11 beta
- BLF: Missing 4 byte alignment makes BLF files incompatible with Vector’s tools
- SMB2 decryption keys in smb2_seskey_list are not loaded on restart
- Fuzz job issue: fuzz-2026-03-01-13307044520.pcap
- Window with a message for ssh_strict_fopen
- IEEE 1722.1 Dissector for Stream Input Counters displays FRAMES_RX as "Stream Packets TX" Issue 21055.
- Wireshark 4.6.4 crashes
- Compilation error with Lua-5.5
- BSOD issue affecting Npcap 1.86
- Adding descriptions to BLF interfaces broke the Capture File Properties view
- Assertion Failure in ws_buffer_remove_start via Malformed Packet Manipulation
- Modbus/RTU fails to decode broadcast frames
- Lua not included unless CMake version >= 3.25
- sshdump: Regression in v4.6.4 – Failed to resolve hostname aliases from .ssh/config on Windows
- Fuzz job crash: fuzz-2026-03-25-13637733472.pcap
- dumpcap TCP@ section-header parsing remote heap corruption
- Netflix BBLog EVENT parsing crash
- On Windows, the Follow Stream feature output is shown in proportional font after zooming
- RTP Streams dialog Time of Day inconsistent behavior
- Sysdig Event Block Integer Underflow
- RF4CE NWK Dissector Heap Buffer Overflow (crash/OOB) Issue 21150.
- NetXray/Sniffer Padding Integer Underflow
- HTTP/2 ALTSVC/PRIORITY_UPDATE Frame Length Truncation (24-bit to 16-bit) Issue 21155.
- Snort config parser 2 buffer overflows
- ESP NULL Encryption Integer Underflow triggers Heap Overflow
- Heap buffer overflow in ISO 8583 dissector bin2hex() Issue 21171.
- wslua: NULL pointer dereference in get_dissector when passing an invalid GUID string to an FT_GUID table
- Fuzz job UTF-8 encoding issue: fuzz-2026-04-16-13947406035.pcap
- Qt: Waterfall bars misisng in conversation overview when "limit to display filter" is active
- text2pcap: heap-buffer-overflow in memmove when -P"dissector" payload exceeds reserved space
- text2pcap : Stack overflow via unbounded "g_alloca" in regex "seqno" Issue 21209.
- editcap: --novlan integer underflow in sll_remove_vlan_info causes denial of service on short SLL captures
- NAS-5GS - Mapping issue between IEI 0x7B and "S-NSSAI location validity information" IE
- RTP-MIDI dissector reports incorrect value for MTC Quarter Frame data

New and Updated Features:
- The Windows installers now ship with Npcap 1.87. They previously shipped with Npcap 1.86.
- The Windows installers now ship with Qt 6.10.3. They previously shipped with Qt 6.9.3.

Updated Protocol Support:
- AFP, AIN, ANSI_TCAP, ASAM CMP, ATN-ULCS, BEEP, BGP, BT HCI, BT HCI ISO, BT-DHT, CAMEL, ChargingASE, CMIP, COSEM, DAP, Darwin, DCP ETSI, DECT NR+, DISP, DMX, DNS, E1AP, E2AP, F1AP, FC-SWILS, Frame, FTAM, GLOW, GNW, GOOSE, GPRSCDR, GSM MAP, GSM RP, H.225.0, H.245, H.248, H.450, H.450.ROS, HNBAP, HTTP, HTTP2, ICMPv6, IDMP, IEEE 1609.2, IEEE 1722.1, IEEE 802.11, INAP, IPsec, IPv4, IPv6, ISAKMP, ISO 8583, ITS, JSON 3GPP, Kismet, LCSAP, LDAP, LPPa, M2AP, M3AP, MAS-5GS, MBIM, MMS, Modbus, Monero, MySQL, NBAP, NGAP, NRPPa, OpenFlow 1.4, OpenFlow 1.5, OpenVPN, P1, P22, P7, PCAP, Q932.ROS, QSIG, QUIC, RANAP, RCv3, RF4CE, RF4CE Profile, RNSAP, RPKI-Router, RRLP, RTPS, RUA, S1AP, SABP, SANE, SBcAP, SDP, SGP.22, Signal PDU, SMB2, SSH, T.38, TDSUDP, UDS, WebSocket, X2AP, X509CE, X509IF, X509SAT, XnAP, Z39.50, and ZBD

New and Updated Capture File Support:
- 3gpp phone log, Android Logcat Binary, Android Logcat Text, Ascend, BLF, CAM Inspector, Catapult DCT2000, Cinco NetXray/Sniffer, CoSine IPSX L2, DBS Etherwatch, EyeSDN, HP-UX nettl, IBM iSeries, Ixia IxVeriWave, K12, Micropross mplog, MPEG2 transport stream, NetScaler, NetScreen, pcapng, pppd log, Sniffer, Systemd Journal, TCPIPtrace, Toshiba Compact ISDN Router, and Visual Networks

Plugin Development Changes:
- On UN*X systems (excluding macOS when running from an app bundle, as with the official installer) extcap binaries are now searched for under the libexec directory by default, e.g., /usr/libexec/wireshark/extcap instead of /usr/lib64/wireshark/extcap or similar. This is the customary place for helper binaries, which as opposed to libraries do not need multiarch support. The location can be overridden via the environment variable WIRESHARK_EXTCAP_DIR. The extcap binaries shipped with Wireshark are installed in the new location, but third party extcaps may need packaging changes. This change was effective in version 4.6.0, but was not explicitly noted in the release notes previously. Note that some distributions do not use a libexec directory, such as Alpine Linux, which does not have multilib support. On such systems extcap binaries should be in the same location as before.