
Wireshark 4.4.16 releases today with a critical patch that fixes a heap corruption bug in the ROHC dissector, preventing application crashes when processing malformed compressed header packets. The update also introduces direct capture file support for VeriWave equipment and refreshes protocol dissectors for Kafka, SIP, MDB, and RTPS-VT to improve traffic analysis accuracy. Network engineers and security analysts should upgrade immediately to maintain stable packet inspection workflows without unexpected segfaults. 



Wireshark 4.4.16 Released with Critical ROHC Fix and VeriWave Capture Support

Wireshark 4.4.16 hits the download page today, bringing a mix of stability patches and niche format support that matters to power users. The release addresses a heap corruption bug in the ROHC dissector that can crash the application when processing specific malformed packets. It also adds direct capture file support for VeriWave equipment and refreshes dissectors for Kafka, SIP, and other protocols. Updating ensures the analyzer handles traffic cleanly without segfaulting mid-analysis.


ROHC Heap Corruption Patch Prevents Crashes

The standout fix in this release targets a NULL write and heap corruption issue within the ROHC dissector. This vulnerability triggers when an uncompressed profile encounters a large Context ID, causing memory access violations. Network engineers who work with compressed header protocols know that malformed packets can easily trip up dissectors. Analysts frequently report losing packet capture data when dissectors trigger heap overflows on bad ROHC traffic. This happens because the parser attempts to write beyond allocated buffers without proper bounds checking. The patch closes that gap by validating the Context ID size before writing to memory. The release also resolves uninitialized memory reads in the vwr dissector and fixes several fuzz job crashes, which indicates the development team is actively stress-testing edge cases that manual review might miss.

Wireshark 4.4.16 Protocol Updates and VeriWave Support

Beyond security patches, this version updates protocol support for FB/IB GDS DB, Kafka, MDB, RTPS-VT, and SIP. These updates refine how the analyzer parses these protocols, which helps when troubleshooting complex enterprise traffic or IoT communications. The most practical addition for some users is the new VeriWave capture file support. VeriWave equipment generates proprietary capture formats that often require conversion tools to view in standard analyzers. Wireshark 4.4.16 can now open these files directly, saving time and reducing friction during network testing workflows. No new protocols appear in this release, but the existing protocol improvements keep the tool relevant for modern traffic analysis.

Installation and Verification Steps

Users should download the latest package from the official Wireshark website to ensure all fixes are applied. Windows users can grab the x64 installer or MSI package, while macOS users have options for both Intel and Apple Silicon builds. The portable version is also updated for those who prefer not to install software system-wide. After installation, verify the version number in the Help menu to confirm the update took effect. Checking file hashes before running installers remains a good habit, especially when dealing with network tools that handle sensitive traffic data.
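One way to script the hash check described above, as an added example that is not part of the original article or of the Wireshark project's code. It assumes the hash list uses `name: N bytes` and OpenSSL-style `SHA256(name)=hex` lines; `parse_manifest`, `verify_file` and the file `example-installer.bin` are hypothetical names, and the sample data is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Line shapes assumed for the published hash list (OpenSSL-style digest lines).
SIZE_RE = re.compile(r"^(?P<name>.+): (?P<size>\d+) bytes$")
DIGEST_RE = re.compile(r"^SHA256\((?P<name>[^)]+)\)=(?P<hex>[0-9a-fA-F]{64})$")

def parse_manifest(text):
    """Map each listed file name to its expected size and SHA-256 digest."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        size = SIZE_RE.match(line)
        digest = DIGEST_RE.match(line)
        if size:
            entries.setdefault(size["name"], {})["size"] = int(size["size"])
        elif digest:
            entries.setdefault(digest["name"], {})["sha256"] = digest["hex"].lower()
    return entries  # other lines (SHA1 digests, signature armor) are ignored

def verify_file(path, manifest_text):
    """Return 'ok', 'not-listed', 'size-mismatch' or 'hash-mismatch'."""
    entry = parse_manifest(manifest_text).get(os.path.basename(path), {})
    if "sha256" not in entry:
        return "not-listed"  # never treat an unlisted file as verified
    if "size" in entry and os.path.getsize(path) != entry["size"]:
        return "size-mismatch"  # cheap check that catches truncated downloads
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream large installers
            h.update(chunk)
    return "ok" if hmac.compare_digest(h.hexdigest(), entry["sha256"]) else "hash-mismatch"

def demo():
    """Constructed sample: a stand-in file and a hash list built for it."""
    data = b"constructed stand-in for an installer"
    path = os.path.join(tempfile.mkdtemp(), "example-installer.bin")
    with open(path, "wb") as f:
        f.write(data)
    manifest = (f"example-installer.bin: {len(data)} bytes\n"
                f"SHA256(example-installer.bin)={hashlib.sha256(data).hexdigest()}\n")
    clean = verify_file(path, manifest)
    with open(path, "wb") as f:
        f.write(data[:-1] + b"X")  # same length, one byte changed
    return clean, verify_file(path, manifest)

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the hash list itself, so authenticate that list (for example by checking its signature) before relying on it.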

Grab the update and give your capture files a quick run-through. If the ROHC fix clears up those random crashes you were blaming on hardware, you will know it worked. Happy sniffing.