wnpa-sec-2026-60 · BLF file Parser information disclosure
Summary
Name: BLF file Parser information disclosure
Docid: wnpa-sec-2026-60
Date: July 8, 2026
Affected versions: 4.6.0 to 4.6.6, 4.4.0 to 4.4.16
Fixed versions: 4.6.7, 4.4.17
References:
Wireshark issue 21361.
CVE-2026-15168.
Details
Description
The BLF file parser could read uninitialized memory and disclose possibly sensitive information.
Impact
Discovered by Thai Duong Tran. We are unaware of any exploits for this issue. It may be possible to make Wireshark disclose sensitive information by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 4.6.7, 4.4.17 or later.