The Wireshark Foundation has released version 4.4.4 of its widely used network protocol analyzer, addressing a high-severity vulnerability that could allow attackers to trigger denial-of-service (DoS) conditions by injecting malicious packets. The update resolves CVE-2025-1492, a flaw in the Bundle Protocol and CBOR dissectors that caused crashes, infinite loops, and memory leaks when processing specially crafted network traffic. This marks the fourth security patch in the 4.4.x series, underscoring the persistent risks associated with protocol analysis tools in network security.

According to the Wireshark security advisory (wnpa-sec-2025-01), the vulnerability was discovered through automated fuzz testing, a method that injects invalid or random data into software to uncover instability. The flaw resides in how Wireshark’s dissectors parse Bundle Protocol (used in delay-tolerant networking) and CBOR (Concise Binary Object Representation) data structures. Successful exploitation crashes the application, halting critical network diagnostics and potentially enabling broader service interruptions. Attackers exploiting this vulnerability could disrupt network troubleshooting, analysis, and monitoring by overwhelming systems with malformed packets. Users are urged to upgrade immediately, as the vulnerability requires no authentication or user interaction beyond packet injection, a feasible attack vector in both local and remotely accessible networks.

This aligns with historical patterns in which protocol dissector modules, the components that decode network traffic, have been prime targets for DoS attacks. In 2024 alone, the project resolved 15 security advisories, including infinite loops in the MONGO and ZigBee TLV dissectors (wnpa-sec-2024-07) and crashes in HTTP3 decoding (wnpa-sec-2024-03). Earlier, vulnerabilities in the Bluetooth, Radiotap, and AVDTP dissectors (CVE-2018-16056, CVE-2018-16057, CVE-2018-16058) similarly allowed crashes via malformed packets or trace files.

Enterprise environments relying on Wireshark for network forensics or intrusion detection are particularly at risk, as prolonged downtime could obscure ongoing breaches. Wireshark’s maintainers emphasized the importance of updating all instances, noting, “Malicious packet injection remains a persistent threat to network analysis tools.” As a precaution, the Wireshark Foundation advises against running the tool with elevated privileges and suggests using firewalls to restrict capture interfaces to authorized personnel. The foundation also recommended validating capture files from untrusted sources and employing network segmentation to limit exposure to malicious traffic. Organizations using automated deployment tools should prioritize this update, while security teams should monitor for anomalous packet patterns indicative of exploitation attempts.

Despite these hurdles, Wireshark remains indispensable for network professionals, with over 80% of enterprises relying on it for traffic analysis according to industry surveys.
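The advisory attributes the crashes, loops and leaks to how the CBOR dissector handles crafted input. As an added illustration, not code from Wireshark or from the article, the following minimal Python CBOR decoder is written the way any dissector has to be: every read is bounds-checked against the buffer, nesting is capped (MAX_DEPTH is an assumed value), an oversized length claim is rejected before anything is allocated, and an indefinite-length container missing its break code is reported as truncation instead of being looped on. Tags, floats and simple values are deliberately left out to keep the example short.

```python
# Added example (not Wireshark's code): a minimal CBOR (RFC 8949) decoder with the
# guards a dissector needs so crafted input fails cleanly instead of crashing or spinning.
MAX_DEPTH = 32                        # assumption: nesting limit chosen for this example
SIZES = {24: 1, 25: 2, 26: 4, 27: 8}  # additional info 24..27 => a 1/2/4/8-byte argument follows
def _need(buf, pos, n):               # bounds check before every read: a claimed length never outruns the buffer
    if pos + n > len(buf):
        raise ValueError("truncated: need %d bytes at offset %d" % (n, pos))
def decode_item(buf, pos=0, depth=0):  # decode one data item at buf[pos] -> (value, position after it)
    if depth > MAX_DEPTH:
        raise ValueError("nesting deeper than %d" % MAX_DEPTH)
    _need(buf, pos, 1)
    major, ai = buf[pos] >> 5, buf[pos] & 0x1F
    pos, items = pos + 1, []
    if ai == 31 and major in (4, 5):  # indefinite-length container: read until the 0xFF break code
        while True:
            _need(buf, pos, 1)        # a missing break code is an error, not an endless loop
            if buf[pos] == 0xFF:
                pos += 1
                break
            v, pos = decode_item(buf, pos, depth + 1)
            items.append(v)
    else:
        if ai > 27:                   # 28..30 are reserved; 31 is only valid on the types handled above
            raise ValueError("reserved or unsupported additional info %d" % ai)
        n = SIZES.get(ai, 0)
        _need(buf, pos, n)
        arg = int.from_bytes(buf[pos:pos + n], "big") if n else ai
        pos += n
        if major < 2:                 # unsigned / negative integer
            return (arg if major == 0 else -1 - arg), pos
        if major in (2, 3):           # byte / text string
            _need(buf, pos, arg)      # reject a 2**64-byte length claim before allocating anything
            raw = bytes(buf[pos:pos + arg])
            return (raw if major == 2 else raw.decode("utf-8")), pos + arg
        if major > 5:
            raise ValueError("tags, floats and simple values are out of scope here")
        for _ in range(arg * (2 if major == 5 else 1)):  # every item consumes >= 1 byte, so this is bounded
            v, pos = decode_item(buf, pos, depth + 1)
            items.append(v)
    if major == 5 and len(items) % 2:
        raise ValueError("map with an odd number of items")
    return (items if major == 4 else list(zip(items[::2], items[1::2]))), pos

def safe_decode(buf):
    try:                              # whole message as ('ok', value) or ('error', reason): never an exception
        value, end = decode_item(bytes(buf))
        return ("ok", value) if end == len(buf) else ("error", "%d trailing bytes" % (len(buf) - end))
    except (ValueError, RecursionError) as e:
        return "error", str(e)
```

Maps are returned as lists of (key, value) pairs so that a crafted map with unhashable keys cannot raise anything the caller does not expect.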
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 24 Feb 2025 09:00:11 +0000