Wireshark 4.6.5 Released: Security Patch Flood and Npcap BSOD Fix for Windows
Wireshark 4.6.5 is out, and it serves as a critical security update that also resolves a blue screen of death issue for Windows users. The release addresses dozens of vulnerabilities across various protocol dissectors while bundling an updated Npcap driver to fix stability problems that have caused system crashes in recent versions.
Wireshark 4.6.5 Security Fixes and the AI Factor
The release notes highlight a significant number of CVEs, and the developers point to AI-assisted vulnerability reports as the driver behind this volume. Automated tools appear to be generating these findings at a faster pace than traditional manual analysis, resulting in a cleanup cycle that targets crashes and potential code execution flaws in dissectors like TLS, SMB2, RDP, and HTTP. Network administrators capturing traffic from untrusted networks should treat this update as mandatory because several of these issues allow for heap overflows and infinite loops that can crash or hang the application. The list includes fixes for memory exhaustion in USB HID, integer underflows in editcap, and crashes in the K12 RF5 file parser. The impact is not limited to Wireshark closing unexpectedly; some of these flaws involve possible code execution when processing malformed packets.
Windows Users Get a BSOD Reprieve
Windows installations now ship with Npcap 1.87, which resolves the blue screen crashes associated with version 1.86. The driver conflict caused system instability that forced users to stop captures or reboot their machines unexpectedly. This update ensures the network capture layer is stable alongside the application interface. The release also upgrades Qt to version 6.10.3, which improves UI performance and fixes compilation issues for developers building from source.
Protocol Updates and Usability Improvements
Beyond security and driver updates, Wireshark 4.6.5 fixes several bugs that disrupt daily analysis workflows. SMB2 decryption keys now load correctly on restart, which saves analysts from manually reloading key material after every session close. This is a common pain point during incident response when time matters and reloading configurations slows down the investigation. The BLF file parser receives better alignment support to maintain compatibility with Vector tools, and the capture file properties view no longer breaks when interface descriptions are added. There is also a fix for the Follow Stream feature on Windows, where the output text would switch to a proportional font after zooming, making it harder to read during deep dives into application layer data. Plugin developers should note that extcap binaries now search the libexec directory by default on Unix-like systems, which may require packaging adjustments for third-party tools.
Download the update from the official site and verify the SHA256 hashes before installing. The security fixes here cover too many critical protocols to skip, especially with the code execution risks in dissectors handling common traffic types.
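One way to perform the SHA256 check described above, as an added example that is not from the Wireshark project or the original article. It assumes the checksum list was obtained from the official site and uses OpenSSL-style `SHA256(filename)=hex` lines; the file name and contents in the demo are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumption: the published checksum list uses OpenSSL "dgst"-style lines:
#   SHA256(<file name>)=<64 hex digits>
DIGEST_LINE = re.compile(r"^SHA256\(([^)]+)\)\s*=\s*([0-9a-fA-F]{64})$")

def parse_sha256_list(text):
    """Return {file name: lowercase hex digest}; other lines are ignored."""
    digests = {}
    for line in text.splitlines():
        m = DIGEST_LINE.match(line.strip())
        if m:
            digests[m.group(1)] = m.group(2).lower()
    return digests

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksum_text):
    """True only if the file's name is listed and its digest matches."""
    expected = parse_sha256_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return False  # fail closed: an unlisted file is never "verified"
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Constructed sample: stand-in installer checked before and after tampering."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-installer.bin")  # hypothetical name
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        listing = "SHA256(example-installer.bin)=" + sha256_file(path) + "\n"
        intact = verify_download(path, listing)
        with open(path, "ab") as fh:
            fh.write(b"tampered")  # simulate a modified download
        return intact, verify_download(path, listing)

if __name__ == "__main__":
    print(demo())
```

A file whose name is missing from the list is reported as unverified rather than skipped, so a renamed or unexpected download does not pass silently.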
