SharkFest US 2026 is coming to Nashville, Tennessee! Learn more and register.

wnpa-sec-2026-60 · BLF file Parser information disclosure

Summary

Name: BLF file Parser information disclosure

Docid: wnpa-sec-2026-60

Date: July 8, 2026

Affected versions: 4.6.0 to 4.6.6, 4.4.0 to 4.4.16

Fixed versions: 4.6.7, 4.4.17

References:

Wireshark issue 21361.
CVE-2026-15168.

Details

Description

The BLF file parser could read uninitialized memory and disclose possibly sensitive information.

Impact

Discovered by Thai Duong Tran. We are unaware of any exploits for this issue. It may be possible to make Wireshark disclose sensitive information by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.6.7, 4.4.17 or later.