Wireshark 4.4.9 Released With Critical Bug Fixes and Protocol Updates

Software Update

The Wireshark Foundation has released Wireshark 4.4.9, focusing on stability enhancements and protocol dissector updates.

Key Security and Stability Fixes

This release fixes a security vulnerability in the SSH dissector, identified as wnpa-sec-2025-03, that caused the application to crash when parsing malformed packets. The fix, logged as Issue 20642, makes analysis of encrypted sessions safer.

Additional bug fixes include:

  • Corrected RDM Product Detail List ID parsing to prevent device parameter misidentification (Issue 20612).
  • Repaired SCCP LUDT segmentation to decode segmented Call Control messages (Issue 20647).
  • Ensured successful Ciscodump capture initialization on Cisco IOS platforms (Issue 20655).
  • Restored visibility of closing context tag 1 in BACnet WritePropertyMultiple operations (Issue 20665).
  • Fixed an LZ77 decompression error in which the length field was misread (Issue 20671).

These updates improve packet dissection accuracy and prevent unexpected shutdowns during the analysis of various network traffic types.

Protocol Enhancements

While no new protocols are introduced, Wireshark 4.4.9 includes improved dissector logic for existing protocols:

  • BACapp (Building Automation and Control)
  • LIN (Local Interconnect Network)
  • MySQL database traffic
  • RDM (Remote Device Management)
  • SABP (Storage Array Benchmarking Protocol)
  • SCCP (Signaling Connection Control Part)
  • sFlow (Sampled Flow)
  • SSH (Secure Shell)

These refinements improve decoding precision, adjust field offsets, and improve support for edge-case payload formats.

No new capture file formats are added, nor are there updates to file format decoding in this release. Users should monitor future releases for additional capture format support.

Availability

Wireshark 4.4.9 is available for Windows, macOS, and major Linux distributions. Users of previous 4.4.x versions are advised to upgrade to leverage these critical fixes. For comprehensive details, refer to the official release notes at wireshark.org.
