Commit graph

104 commits

Author SHA1 Message Date
wiz
be84485074 Updated wireshark to 2.2.9.
Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2017-38
       MSDP dissector infinite loop ([2]Bug 13933)
     * [3]wnpa-sec-2017-39
       Profinet I/O buffer overrun ([4]Bug 13847)
     * [5]wnpa-sec-2017-41
       IrCOMM dissector buffer overrun ([6]Bug 13929)

   The following bugs have been fixed:
     * Confusing "Apply a display filter <Command/>" keyboard shortcut.
       ([7]Bug 12450)
     * VNC Protocol dissector : Framebuffer Updates. ([8]Bug 13910)
     * DNS LOC RRs with out-of-range longitude or latitude aren't shown as
       errors. ([9]Bug 13914)
     * DIS Dissector Entity Appearance Record displayed in wrong location.
       ([10]Bug 13917)
     * Win64 CMake bug - (CYGWIN_INSTALL_PATH redefinition) causing
       missing packages when using CMake 3.9.0. ([11]Bug 13922)
     * APL records parsed incorrectly for IPv4 prefixes. ([12]Bug 13923)
     * TCAP SRT Analysis incorrectly matched TCAP begins and ends.
       ([13]Bug 13926)
     * E.212: Check length before trying 3-digits MNC. ([14]Bug 13935)
     * Crash in Wireshark using Dumper:dump() from Lua. ([15]Bug 13944)
     * GTPv2 - decoding issue for Packet Flow ID (type 123). ([16]Bug
       13987)
     * [oss-fuzz] BGP memleak: ASAN: 276 byte(s) leaked in 5
       allocation(s). ([17]Bug 13995)
     * Some Infiniband Connect Req fields are not decoded correctly.
       ([18]Bug 13997)
     * 802.11 wlan.ft.subelem.r0kh_id should be sequence of bytes.
       ([19]Bug 14004)

  Updated Protocol Support

   APL, BGP, DIS, DNS, E.212, GTPv2, IEEE 802.11, InfiniBand, MSDP, MTP2,
   pcapng MIME, Profinet I/O, SML, TCAP, and VNC
2017-09-04 14:42:25 +00:00
wiz
bd2d845e08 Updated wireshark to 2.2.8.
Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2017-13
       WBXML dissector infinite loop ([2]Bug 13477, [3]Bug 13796)
       [4]CVE-2017-7702, CVE-2017-11410 Note: This is an
       update for a fix in Wireshark 2.2.6 and 2.0.12.

     * [5]wnpa-sec-2017-28
       openSAFETY dissector memory exhaustion ([6]Bug 13649, [7]Bug 13755)
       [8]CVE-2017-9350, [9]CVE-2017-11411 Note: This is an update for a
       fix in Wireshark 2.2.7.

     * [10]wnpa-sec-2017-34
       AMQP dissector crash. ([11]Bug 13780) [12]CVE-2017-11408
     * [13]wnpa-sec-2017-35
       MQ dissector crash. ([14]Bug 13792) [15]CVE-2017-11407
     * [16]wnpa-sec-2017-36
       DOCSIS infinite loop. ([17]Bug 13797) [18]CVE-2017-11406

   The following bugs have been fixed:
     * Y.1711 dissector reverses defect type order. ([19]Bug 8292)
     * Packet list keeps scrolling back to selected packet while names are
       being resolved. ([20]Bug 12074)
     * [REGRESSION] Export Objects do not show files from a SMB2 capture.
       ([21]Bug 13214)
     * LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values.
       ([22]Bug 13481)
     * Hexpane showing in proportional font again. ([23]Bug 13638)
     * Regression in SCCP fragments handling. ([24]Bug 13651)
     * TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. ([25]Bug 13739)
     * Dissector for WSMP (IEEE 1609.3) not current. ([26]Bug 13766)
     * RANAP: possible issue in the heuristic code. ([27]Bug 13770)
     * [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
       int in packet-btrfcomm.c:314:37. ([28]Bug 13783)
     * RANAP: false positives on heuristic algorithm. ([29]Bug 13791)
     * Automatic name resolution not saved to PCAP-NG NRB. ([30]Bug 13798)
     * DAAP dissector dissect_daap_one_tag recursion stack exhausted.
       ([31]Bug 13799)
     * Malformed DCERPC PNIO packet decode, exception handler invalid
       pointer reference. ([32]Bug 13811)
     * It seems SPVID was decoded from wrong field. ([33]Bug 13821)
     * README.dissectors: Add notes about predefined string structures not
       available to plugin authors. ([34]Bug 13828)
     * Statistics->Packet Lengths doesn't display details for 5120 or
       greater. ([35]Bug 13844)
     * cmake/modules/FindZLIB.cmake doesn't find inflatePrime. ([36]Bug
       13850)
     * BGP: incorrect decoding COMMUNITIES whose length is larger than
       255. ([37]Bug 13872)

  Updated Protocol Support

   AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM
   BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF,
   PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC,
   WBXML, WSMP, and Y.1711
2017-08-15 19:37:01 +00:00
wiz
1dd5786c39 Updated wireshark to 2.2.7.
Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2017-22
       Bazaar dissector infinite loop ([2]Bug 13599) [3]CVE-2017-9352
     * [4]wnpa-sec-2017-23
       DOF dissector read overflow ([5]Bug 13608) [6]CVE-2017-9348
     * [7]wnpa-sec-2017-24
       DHCP dissector read overflow ([8]Bug 13609, [9]Bug 13628)
       [10]CVE-2017-9351
     * [11]wnpa-sec-2017-25
       SoulSeek dissector infinite loop ([12]Bug 13631) [13]CVE-2017-9346
     * [14]wnpa-sec-2017-26
       DNS dissector infinite loop ([15]Bug 13633) [16]CVE-2017-9345
     * [17]wnpa-sec-2017-27
       DICOM dissector infinite loop ([18]Bug 13685) [19]CVE-2017-9349
     * [20]wnpa-sec-2017-28
       openSAFETY dissector memory exhaustion ([21]Bug 13649)
       [22]CVE-2017-9350
     * [23]wnpa-sec-2017-29
       BT L2CAP dissector divide by zero ([24]Bug 13701) [25]CVE-2017-9344

     * [26]wnpa-sec-2017-30
       MSNIP dissector crash ([27]Bug 13725) [28]CVE-2017-9343

     * [29]wnpa-sec-2017-31
       ROS dissector crash ([30]Bug 13637) [31]CVE-2017-9347

     * [32]wnpa-sec-2017-32
       RGMP dissector crash ([33]Bug 13646) [34]CVE-2017-9354

     * [35]wnpa-sec-2017-33
       IPv6 dissector crash ([36]Bug 13675) [37]CVE-2017-9353

   The following bugs have been fixed:
     * DICOM dissection error. ([38]Bug 13164)
     * Qt: drag & drop of one column header in PacketList moves other
       columns. ([39]Bug 13183)
     * Can not export captured DICOM objects in version 2.2.5. ([40]Bug
       13570)
     * False complain about bad checksum of ICMP extension header.
       ([41]Bug 13586)

     * LibFuzzer: ISUP dissector bug (isup.number_different_meaning).
       ([42]Bug 13588)
     * Dissector Bug, protocol BT ATT. ([43]Bug 13590)
     * Wireshark displays
       RRCConnectionReestablishmentRejectRRCConnectionReestablishmentReject
       in Info column. ([44]Bug 13595)

     * [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type
       int in packet-ositp.c:551:79. ([45]Bug 13606)

     * [oss-fuzz] UBSAN: shift exponent -77 is negative in
       packet-netflow.c:7717:23. ([46]Bug 13607)

     * [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type
       int in packet-sigcomp.c:2128:28. ([47]Bug 13610)

     * [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type
       guint32 (aka unsigned int) in packet-rtcp.c:917:24. ([48]Bug 13611)

     * [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type
       guint64 (aka unsigned long) in dwarf.c:42:43. ([49]Bug 13616)

     * [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type
       int in packet-xot.c:260:23. ([50]Bug 13618)

     * [oss-fuzz] UBSAN: shift exponent -5 is negative in
       packet-sigcomp.c:1722:36. ([51]Bug 13619)

     * [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in
       packet-quakeworld.c:134:5. ([52]Bug 13624)

     * [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
       int in packet-netsync.c:467:25. ([53]Bug 13639)

     * [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type
       int in packet-sigcomp.c:3857:24. ([54]Bug 13641)

     * [oss-fuzz] ASAN: stack-use-after-return
       epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field.
       ([55]Bug 13662)
     * Welcome screen invalid capture filter without WinPcap installed
       causes runtime error. ([56]Bug 13672)
     * SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY
       (0x33) command correctly. ([57]Bug 13690)
     * SIP packets with SDP marked as malformed. ([58]Bug 13698)

     * [oss-fuzz] UBSAN: index 8 out of bounds for type gboolean const[8]
       in packet-ieee80211-radiotap.c:1836:12. ([59]Bug 13713)
     * Crash on "Show packet bytes..." context menu item click. ([60]Bug
       13723)
     * DNP3 dissector does not properly decode packed variations with
       prefixed qualifiers. ([61]Bug 13733)

  Updated Protocol Support

   Bazaar, BT ATT, BT L2CAP, DHCP, DICOM, DNP3, DNS, DOF, DWARF, ICMP,
   IEEE 802.11, IPv6, ISUP, LTE RRC, MSNIP, Netflow, Netsync, openSAFETY,
   OSITP, QUAKEWORLD, Radiotap, RGMP, ROS, RTCP, SIGCOMP, SMB, SoulSeek,
   and XOT
2017-06-19 20:22:20 +00:00
wiz
d6d1cef55e Updated wireshark to 2.2.6.
What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2017-12
       IMAP dissector crash ([2]Bug 13466) [3]CVE-2017-7703
     * [4]wnpa-sec-2017-13
       WBXML dissector infinite loop ([5]Bug 13477) [6]CVE-2017-7702
     * [7]wnpa-sec-2017-14
       NetScaler file parser infinite loop ([8]Bug 13478) [9]CVE-2017-7700
     * [10]wnpa-sec-2017-15
       RPCoRDMA dissector infinite loop ([11]Bug 13558) [12]CVE-2017-7705
     * [13]wnpa-sec-2017-16
       BGP dissector infinite loop ([14]Bug 13557) [15]CVE-2017-7701
     * [16]wnpa-sec-2017-17
       DOF dissector infinite loop ([17]Bug 13453) [18]CVE-2017-7704
     * [19]wnpa-sec-2017-18
       PacketBB dissector crash ([20]Bug 13559)
     * [21]wnpa-sec-2017-19
       SLSK dissector long loop ([22]Bug 13576)
     * [23]wnpa-sec-2017-20
       SIGCOMP dissector infinite loop ([24]Bug 13578)
     * [25]wnpa-sec-2017-21
       WSP dissector infinite loop ([26]Bug 13581)

   The following bugs have been fixed:
     * T30 FCF byte decoding masks DTC, CIG and NCS. ([27]Bug 1918)
     * Wireshark gives decoding error during rnsap message dissection(SCCP
       reassembly). ([28]Bug 3360)
     * Added IEEE 802.15.4-2003 AES-CCM security modes
       (packet-ieee802154). ([29]Bug 4912)
     * Payload in 2 SCCP DT1 messages in the same frame isn't
       (sub)dissected. ([30]Bug 11130)
     * IEEE 802.15.4: an area of Payload IEs is dissected twice. ([31]Bug
       13068)
     * Qt UI: Wireshark crash when deleting IO graph string while it's in
       editing mode. ([32]Bug 13234)
     * Crash on exit due to an invalid frame data sequence state. ([33]Bug
       13433)
     * Access Violation using Lua dissector. ([34]Bug 13457)
     * Some bytes ignored in every packet in NetScaler packet trace when
       vmnames are included in packet headers. ([35]Bug 13459)
     * VOIP RTP stream Find Reverse button doesn't work. ([36]Bug 13462)
     * Lua dissector: ProtoField int* do not allow FT_HEX or FT_OCT,
       crash when set to FT_HEX_DEC or FT_DEC_HEX. ([37]Bug 13484)
     * GIOP LocateRequest v1.0 is improperly indicated as "malformed".
       ([38]Bug 13488)
     * Bug in ZigBee - Zone Status Change Notification. ([39]Bug 13493)
     * Packet exception in packet-ua3g and incomplete strings in
       packet-noe. ([40]Bug 13502)
     * Wrong BGP capability dissect. ([41]Bug 13521)
     * Endpoint statistics column labels seem incorrect. ([42]Bug 13526)
     * Strange automatic jump in packet details for a certain DNS response
       packet. ([43]Bug 13533)
     * When a Lua enum or bool preference is changed via context menu,
       prefs_changed isn't called with Qt Wireshark. ([44]Bug 13536)
     * IO Graph selects wrong packet or displays "Packet number x isn't
       displayed". ([45]Bug 13537)
     * tshark's -z endpoints,ip ignores optional filter. ([46]Bug 13538)
     * SSL: Handshake type in Info column not always separated by comma.
       ([47]Bug 13539)
     * libfuzzer: PEEKREMOTE dissector bug. ([48]Bug 13544)
     * libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom).
       ([49]Bug 13545)
     * libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). ([50]Bug
       13546)
     * libfuzzer: MIH dissector bug. ([51]Bug 13547)
     * libfuzzer: DNS dissector bug. ([52]Bug 13548)
     * libfuzzer: WLCCP dissector bug. ([53]Bug 13549)
     * libfuzzer: TAPA dissector bug. ([54]Bug 13553)
     * libfuzzer: lapsat dissector bug. ([55]Bug 13554)
     * libfuzzer: wassp dissector bug. ([56]Bug 13555)
     * Illegal reassembly of GSM SMS packets. ([57]Bug 13572)
     * SSH Dissector uses incorrect length for protocol field
       (ssh.protocol). ([58]Bug 13574)
     * NBAP malformed packet for short Binding ID. ([59]Bug 13577)
     * libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod).
       ([60]Bug 13579)
     * libfuzzer: asterix dissector bug (asterix.021_230_RA). ([61]Bug
       13580)
     * RTPproxy dissector adds multi lines to info column. ([62]Bug 13582)

  Updated Protocol Support

   ASTERIX, BGP, BSSGP, BT AVRCP, BT HCI_CMD, BT HFP, BT PBAP, DNS, DOF,
   EAPOL-MKA, GIOP, GSM SMS, HTTP, ICMP, IEEE 802.11, IEEE 802.15.4, IMAP,
   ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, NBIFOM, PacketBB, PEEKREMOTE,
   RPCoRDMA, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, SSL, T.30, TAPA, UA3G,
   WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
2017-04-19 18:50:29 +00:00
wiz
94956a0755 Updated wireshark to 2.2.5.
Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2017-03
       LDSS dissector crash ([2]Bug 13346)
     * [3]wnpa-sec-2017-04
       RTMTP dissector infinite loop ([4]Bug 13347)
     * [5]wnpa-sec-2017-05
       WSP dissector infinite loop ([6]Bug 13348)
     * [7]wnpa-sec-2017-06
       STANAG 4607 file parser infinite loop ([8]Bug 13416)
     * [9]wnpa-sec-2017-07
       NetScaler file parser infinite loop ([10]Bug 13429)
     * [11]wnpa-sec-2017-08
       NetScaler file parser crash ([12]Bug 13430)
     * [13]wnpa-sec-2017-09
       K12 file parser crash ([14]Bug 13431)
     * [15]wnpa-sec-2017-10
       IAX2 dissector infinite loop ([16]Bug 13432)
     * [17]wnpa-sec-2017-11
       NetScaler file parser infinite loop ([18]Bug 12083)

   The 32-bit and 64-bit Windows installers might have been susceptible to
   a [19]DLL hijacking flaw.

   The following bugs have been fixed:
     * Display filter textbox loses focus during live capturing. ([20]Bug
       11890)
     * Wireshark crashes when saving pcaps, opening pcaps, and exporting
       specified packets. ([21]Bug 12036)
     * tshark stalls on FreeBSD if androiddump is present. ([22]Bug 13104)
     * UTF-8 characters in packet list column title. ([23]Bug 13342)
     * Recent capture file list should appear immediately on startup.
       ([24]Bug 13352)
     * editcap segfault if a packet length is shorter than ignore bytes
       parameter. ([25]Bug 13378)
     * dftest segfault with automated build of 2.2.5. ([26]Bug 13387)
     * UMTS MAC Dissector shows Packet size limited for BCCH payload.
       ([27]Bug 13392)
     * VS2010 win32 ±¥. ([28]Bug 13398)
     * EAP AKA not being decoded properly. ([29]Bug 13411)
     * Dumpcap crashes during rpcap setup. ([30]Bug 13418)
     * Crash on closing SNMP capture file if snmp credentials are present.
       ([31]Bug 13420)
     * GPRS-NS message PDU type displayed in octal instead of hexadecimal.
       ([32]Bug 13428)

  Updated Protocol Support

   GPRS-NS, GTPv2, IAX2, IEEE 802.11, LDSS, MS-WSP, OpcUa, ROHC, RTMTP,
   SNMP, STANAG 4607, T.38, and UMTS FP
2017-03-05 15:14:07 +00:00
wiz
38ced2b60c Updated wireshark to 2.2.4.
Wireshark 2.2.4 Release Notes

What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2017-01
       The ASTERIX dissector could go into an infinite loop. ([2]Bug
       13344)
     * [3]wnpa-sec-2017-02
       The DHCPv6 dissector could go into a large loop. ([4]Bug 13345)

   The following bugs have been fixed:
     * TCP reassembly: tcp.reassembled_in is not set in first packet.
       ([5]Bug 3264)
     * Duplicated Interfaces instances while refreshing. ([6]Bug 11553)
     * Time zone name needs to be converted to UTF-8 on Windows. ([7]Bug
       11785)
     * Crash on fast local interface changes. ([8]Bug 12263)
     * Please align columns in tshark's output. ([9]Bug 12502)
     * Display data rate fields for VHT rates invalid with BCC modulation.
       ([10]Bug 12859)
     * plugin_if_get_ws_info causes Access Violation if called during
       rescan. ([11]Bug 12973)
     * SMTP BDAT dissector not reverting to command-code after DATA.
       ([12]Bug 13030)
     * Wireshark fails to recognize V6 DBS Etherwatch capture files.
       ([13]Bug 13093)
     * Runtime Error when try to merge .pcap files (Wireshark crashes).
       ([14]Bug 13175)
     * PPP BCP BPDU size reports not header size, but all data underneath
       and its header size in UI. ([15]Bug 13188)
     * In-line UDP checksum bytes in 6LoWPAN IPHC are swapped. ([16]Bug
       13233)
     * Uninitialized memcmp on data in daintree-sna.c. ([17]Bug 13246)
     * Crash when dissect WDBRPC Version 2 protocol with Dissect unknown
       program numbers enabled. ([18]Bug 13266)
     * Contents/Resources/bin directory isn't in the app bundle after
       installation. ([19]Bug 13270)
     * Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB
       Transportation Protocol). ([20]Bug 13274)
     * Can't decode packets captured with OpenBSD enc(4) encapsulating.
       ([21]Bug 13279)
     * UDLD flags are at other end of octet. ([22]Bug 13280)
     * MS-WSP dissector no longer works since commit
       8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. ([23]Bug 13299)
     * TBCD string decoded wrongly in MAP ATI message. ([24]Bug 13316)
     * Filter Documentation: The tilde (~) operator is not documented.
       ([25]Bug 13320)
     * VoIP Flow Sequence Causes Application Crash. ([26]Bug 13329)

  Updated Protocol Support

   6LoWPAN, DVB-CI, ENC, GSM MAP, IEEE 1722, IEEE 1722.1, ISAKMP, MS-WSP,
   PPP, QUIC, Radiotap, RPC, SMTP, TCP, UCD, and UDLD

  New and Updated Capture File Support

   Daintree SNA, and DBS Etherwatch
2017-02-07 12:54:43 +00:00
wiz
e8b49d2332 Updated wireshark to 2.2.3.
What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * Arbitrary file deletion on Windows. ([1]Bug 13217)

   The following bugs have been fixed:
     * Saving all exported objects (SMB/SMB2) results in out of physical
       memory. ([2]Bug 11133)
     * Export HTTP Objects - Single file shows as multiple files in 2.0.2.
       ([3]Bug 12230)
     * Follow Stream and graph buttons remain greyed out in conversation
       window. ([4]Bug 12893)
     * Dicom list of tags in element of VR=AT not properly decoded.
       ([5]Bug 13077)
     * Malformed Packet: BGP Update (withdraw) message. ([6]Bug 13146)
     * Install fail on macOS Sierra (error PKInstallErrorDomain Code=112).
       ([7]Bug 13152)
     * GTP: "Create PDP Context response" message shows back-off timer as
       malformed when included in the response. ([8]Bug 13153)
     * ICMP dissector fails to properly detect timestamps. ([9]Bug 13161)
     * RLC misdissection. ([10]Bug 13162)
     * Text2pcap on Windows produces corrupt output when writing the
       capture file to the standard output. ([11]Bug 13165)
     * HTML escaping of quotes in error message. ([12]Bug 13178)
     * TShark doesn't respect protocols.display_hidden_proto_items
       setting. ([13]Bug 13192)
     * RPC/RDMA dissector should exit when frame is not RPC-over-RDMA.
       ([14]Bug 13195)
     * Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA.
       ([15]Bug 13196)
     * RPC-over-RDMA frames with chunk lists are "Malformed". ([16]Bug
       13197)
     * TShark fails to pass RPC-over-RDMA frames to RPC subdissector.
       ([17]Bug 13198)
     * Adding a DOF DPS Identity Secret, session Key, or Mode Template
       causes Wireshark to crash. ([18]Bug 13209)
     * Wireshark shows "MS Video Source Request" in a RTCP packet as
       "Malformed". ([19]Bug 13212)

  Updated Protocol Support

   BGP, BOOTP/DHCP, BTLE, DICOM, DOF, Echo, GTP, ICMP, Radiotap, RLC, RPC
   over RDMA, RTCP, SMB, TCP, UFTP4, and VXLAN
2016-12-19 09:27:26 +00:00
wiz
27aff7e249 Updated wireshark to 2.2.2.
Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-58
       Profinet I/O long loop. ([2]Bug 12851)
     * [3]wnpa-sec-2016-59
       AllJoyn crash. ([4]Bug 12953)
     * [5]wnpa-sec-2016-60
       OpenFlow crash. ([6]Bug 13071)
     * [7]wnpa-sec-2016-61
       DCERPC crash. ([8]Bug 13072)
     * [9]wnpa-sec-2016-62
       DTN infinite loop. ([10]Bug 13097)

   The Windows PortableApps packages were susceptible to a [11]DLL
   hijacking flaw.

   The following bugs have been fixed:
     * TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN
       true. ([12]Bug 12579)
     * SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0.
       ([13]Bug 12632)
     * Upgrading to latest version uninstalls Microsoft Visual C++
       redistributable. ([14]Bug 12712)
     * dmg for OS X does not install man pages. ([15]Bug 12746)
     * Fails to compile against Heimdal 1.5.3. ([16]Bug 12831)
     * TCP: Next sequence number off by one when sending payload in SYN
       packet (e.g. TFO). ([17]Bug 12838)
     * Follow TCP Stream shows duplicate stream data. ([18]Bug 12855)
     * Dissection engine falsely asserts that EIGRP packet's checksum is
       incorrect. ([19]Bug 12982)
     * IEEE 802.15.4 frames erroneously handed over to ZigBee dissector.
       ([20]Bug 12984)
     * Capture Filter Bookmark Inactive in Capture Options page. ([21]Bug
       12986)
     * CLNP dissector does not parse ER NPDU properly. ([22]Bug 12993)
     * SNMP trap bindings for NON scalar OIDs. ([23]Bug 13013)
     * BGP LS Link Protection Type TLV (1093) decoding. ([24]Bug 13021)
     * Application crash sorting column for tcp.window_size_scalefactor up
       and down. ([25]Bug 13023)
     * ZigBee Green Power add key during execution. ([26]Bug 13031)
     * Malformed AMQP packets for session.expected and session.confirmed
       fields. ([27]Bug 13037)
     * Wireshark 2.2.1 crashes when attempting to merge pcap files.
       ([28]Bug 13060)
     * [IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is
       not correctly displayed. ([29]Bug 13065)
     * Failure to dissect USB Audio feature unit descriptors missing the
       iFeature field. ([30]Bug 13085)
     * MSISDN not populated/decoded in JSON GTP-C decoding. ([31]Bug
       13086)
     * E212: 3 digits MNC are identified as 2 digits long if they end with
       a 0. ([32]Bug 13092)
     * Exception with last unknown Cisco AVP available in a SCCRQ message.
       ([33]Bug 13103)
     * TShark stalls on FreeBSD if androiddump is present. ([34]Bug 13104)
     * Dissector skips DICOM command. ([35]Bug 13110)
     * UUID (FT_GUID) filtering isn't working. ([36]Bug 13121)
     * Manufacturer name resolution fail. ([37]Bug 13126)
     * packet-sdp.c allocates transport_info->encoding_name from wrong
       memory pool. ([38]Bug 13127)
     * Payload type name for dynamic payload is wrong for reverse RTP
       channels. ([39]Bug 13132)

  Updated Protocol Support

   6LoWPAN, AllJoyn, AMQP, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN,
   E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583,
   Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP,
   Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee
2016-11-28 15:30:35 +00:00
wiz
a9e6a1c3a0 Remove obsolete patch. 2016-10-09 21:17:32 +00:00
wiz
14b56b4d9f Updated wireshark to 2.2.1.
What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-56
       The Bluetooth L2CAP dissector could crash. ([2]Bug 12825)
     * [3]wnpa-sec-2016-57
       The NCP dissector could crash. ([4]Bug 12945)

   The following bugs have been fixed:
     * Flow Graph colored data arrows. ([5]Bug 12065)
     * Capture File Properties under Statistics Grayed Out after Stopping
       a Capture. ([6]Bug 12071)
     * Qt: Hidden columns displayed during live capture. ([7]Bug 12377)
     * Unable to save changes to coloring rules. ([8]Bug 12814)
     * Bad description for NBSS error code 0x81. ([9]Bug 12835)
     * Live capture from USBPcap fails immediately. ([10]Bug 12846)
     * Cannot decrypt EAP-TTLS traffic (not recognized as conversation).
       ([11]Bug 12879)
     * Export packet dissections Option disabled after capturing traffic.
       ([12]Bug 12898)
     * Failure to open file named with Chinese or other multibyte
       characters. ([13]Bug 12900)
     * k12 text file format causes errors. ([14]Bug 12903)
     * File | File Set | List Files dialog is blank. ([15]Bug 12904)
     * Decoding/Display of an INAP CONNECT message goes wrong for the
       Destination Routing Address part. ([16]Bug 12911)
     * TLS padding extension dissector length parsing bug. ([17]Bug 12922)
     * Diameter dictionary bugs. ([18]Bug 12927)
     * File open from menu bar with filter in place causes Wireshark to
       crash. ([19]Bug 12929)
     * Unable to capture USBPcap trace using tshark with extcap built.
       ([20]Bug 12949)
     * P1 dissector fails a TVB assertion. ([21]Bug 12976)
     * Multiple PortableApps instances can once again be run at the same
       time.

  Updated Protocol Support

   6LoWPAN, BT L2CAP, CIP, DCOM IRemUnknown, Diameter, DMP, EAP, ISUP,
   NBT, NCP, NetFlow, SSL / TLS, and U3V

  New and Updated Capture File Support

   Ascend, and K12
2016-10-09 21:13:22 +00:00
markd
9e6fd2a9e7 Allow build with heimdal again. Bump PKGREVISION. 2016-09-29 20:11:08 +00:00
wiz
a0728ff186 Add upstream bug report URL. 2016-09-12 11:04:54 +00:00
wiz
2a5ddbd62f Updated wireshark to 2.2.0.
What's New

  Bug Fixes

     * Upgrading to latest version uninstalls Microsoft Visual C++
       redistributable. ([1]Bug 12712)
     * Extcap errors not reported back to UI. ([2]Bug 11892)

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.2.0rc1:

   "Decode As" supports SSL (TLS) over TCP.

   The following features are new (or have been significantly updated)
   since version 2.1.1:
     * Invalid coloring rules are now disabled instead of discarded. This
       will provide backward compatibility with a coloring rule change in
       Wireshark 2.2.

   The following features are new (or have been significantly updated)
   since version 2.1.0:
     * Added -d option for Decode As support in Wireshark (mimics TShark
       functionality)
     * The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
       TShark can additionally export packets as Elasticsearch-compatible
       JSON.
     * The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
       deprecated.
     * The Conversations and Endpoints dialogs are more responsive when
       viewing large numbers of items.
     * The RTP player now allows up to 30 minutes of silence frames.
     * Packet bytes can now be displayed as EBCDIC.
     * The Qt UI loads captures faster on Windows.
     * proto_tree_add_checksum was added as an API. This attempts to
       standardize how checksums are reported and filtered for within
       *Shark. There are no more individual "good" and "bad" filter
       fields, protocols now have a "checksum.status" field that records
       "Good", "Bad" and "Unverified" (neither good nor bad). Color filters
       provided with Wireshark have been adjusted to the new display
       filter names, but custom ones may need to be updated.

   The following features are new (or have been significantly updated)
   since version 2.0.0:
     * The intelligent scroll bar now sits to the left of a normal scroll
       bar and provides a clickable map of nearby packets.
     * You can now switch between Capture and File Format
       dissection of the current capture file via the View menu in the Qt
       GUI.
     * You can now show selected packet bytes as ASCII, HTML, Image, ISO
       8859-1, Raw, UTF-8, a C array, or YAML.
     * You can now use regular expressions in Find Packet and in the
       advanced preferences.
     * Name resolution for packet capture now supports asynchronous DNS
       lookups only. Therefore the "concurrent DNS resolution" preference
       has been deprecated and is a no-op. To enable DNS name resolution
       some build dependencies must be present (currently c-ares). If that
       is not the case DNS name resolution will be disabled (but other
       name resolution mechanisms, such as host files, are still
       available).
     * The byte under the mouse in the Packet Bytes pane is now
       highlighted.
     * TShark supports exporting PDUs via the -U flag.
     * The Windows and OS X installers now come with the "sshdump" and
       "ciscodump" extcap interfaces.
     * Most dialogs in the Qt UI now save their size and positions.
     * The Follow Stream dialog now supports UTF-16.
     * The Firewall ACL Rules dialog has returned.
     * The Flow (Sequence) Analysis dialog has been improved.
     * We no longer provide packages for 32-bit versions of OS X.
     * The Bluetooth Device details dialog has been added.

  New File Format Decoding Support

   Wireshark is able to display the format of some types of files (rather
   than displaying the contents of those files). This is useful when
   you're curious about, or debugging, a file and its format. To open a
   capture file (such as PCAP) in this mode specify "MIME Files Format" as
   the file's format in the Open File dialog.

  New Protocol Support

   Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
   Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag,
   Digital Equipment Corporation Local Area Transport, Distributed Object
   Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control
   Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS
   Kernel Packet Header Dissector Added (IPOS), Extensible Control &
   Management Protocol (eCMP), FLEXRAY Protocol dissector added
   (automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO
   8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
   LAT protocol (DECNET), Metamako trailers, Network Service Header for
   Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia
   Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight
   Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location
   System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service,
   STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link
   Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras),
   USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters
   Dissectors Added (Closures Lighting General Measurement & Sensing HVAC
   Security & Safety)

  Updated Protocol Support

   Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
   allow to DecodeAs it over USB, TCP and UDP.

   A preference was added to TCP dissector for handling IPFIX process
   information. It has been disabled by default.

  New and Updated Capture File Support

   Micropross mplog

  New and Updated Capture Interfaces support

   Non-empty section placeholder.

  Major API Changes

   The libwireshark API has undergone some major changes:
     * The address macros (e.g., SET_ADDRESS) have been removed. Use the
       (lower case) functions of the same names instead.
     * "old style" dissector functions (that don't return number of bytes
       used) have been replaced in name with the "new style" dissector
       functions.
     * tvb_get_string and tvb_get_stringz have been replaced with
       tvb_get_string_enc and tvb_get_stringz_enc respectively.
2016-09-12 10:59:55 +00:00
wiz
456bc12fc4 Add upstream bug report. 2016-07-28 14:33:20 +00:00
wiz
0e0a1fccd7 Updated wireshark to 2.0.5.
What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-39
       CORBA IDL dissector crash on 64-bit Windows. ([2]Bug 12495)
     * [3]wnpa-sec-2016-41
       PacketBB crash. ([4]Bug 12577)
     * [5]wnpa-sec-2016-42
       WSP infinite loop. ([6]Bug 12594)
     * [7]wnpa-sec-2016-44
       RLC long loop. ([8]Bug 12660)
     * [9]wnpa-sec-2016-45
       LDSS dissector crash. ([10]Bug 12662)
     * [11]wnpa-sec-2016-46
       RLC dissector crash. ([12]Bug 12664)
     * [13]wnpa-sec-2016-47
       OpenFlow long loop. ([14]Bug 12659)
     * [15]wnpa-sec-2016-48
       MMSE, WAP, WBXML, and WSP infinite loop. ([16]Bug 12661)
     * [17]wnpa-sec-2016-49
       WBXML crash. ([18]Bug 12663)

   The following bugs have been fixed:
     * T30 FCF byte decoding masks DTC, CIG and NCS. ([19]Bug 1918)
     * TShark crashes with option "-z io,stat,..." in the presence of
       negative relative packet timestamps. ([20]Bug 9014)
     * Packet size limited during capture msg is repeated in the Info
       column. ([21]Bug 9826)
     * Wireshark loses windows decorations on second screen when
       restarting maximized using GNOME. ([22]Bug 11303)
     * Cannot launch GTK+ version of wireshark as a normal user. ([23]Bug
       11400)
     * Restart current capture fails with "no interface selected" error
       when capturing in promiscuous mode. ([24]Bug 11834)
     * Add field completion suggestions when adding a Display filter or Y
       Field to the IO Graph. ([25]Bug 11899)
     * Wireshark Qt always indicates locale as "C". ([26]Bug 11960)
     * Wireshark crashes every time open Statistics -> Conversations |
       Endpoints. ([27]Bug 12288)
     * Find function within the conversations window does not work.
       ([28]Bug 12363)
     * Invalid values for USB SET_REQUEST packets. ([29]Bug 12511)
     * Display filter dropdown hides cursor. ([30]Bug 12520)
     * Filter for field name tcp.options.wscale.multiplier cannot exceed
       255. ([31]Bug 12525)
     * Ctrl+ shortcuts that are not text-related do not work when focus is
       on display filter field. ([32]Bug 12533)
     * Closing Statistics window results in black screen. ([33]Bug 12544)
     * OSPF: Incorrect description of N/P-bit in NSSA LSA. ([34]Bug 12555)
     * Inconsistent VHT data rate. ([35]Bug 12558)
     * DCE/RPC malformed error when stub-data is missing but a
       sub-dissector has been registered. ([36]Bug 12561)
     * Wireshark is marking BGP FlowSpec NLRI as malformed if NLRI length
       is larger than 239 bytes. ([37]Bug 12568)
     * "Edit Resolved Name" is not saved in current pcapng file. ([38]Bug
       12629)
     * MPTCP: MP_JOIN B bit not decoded correctly. ([39]Bug 12635)
     * MPTCP MP_PRIO header with AddrID: incorrect AddrID. ([40]Bug 12641)

  Updated Protocol Support

   802.11 Radiotap, BGP, CAN, CANopen, H.248 Q.1950, IPv4, IPv6, LANforge,
   LDSS, MPTCP, OSPF, PacketBB, PRP, RLC, RMT-FEC, RSVP, RTP MIDI, T.30,
   TDS, USB, WAP, WBXML, WiMax RNG-RSP, and WSP

  New and Updated Capture File Support

   and pcapng
2016-07-28 13:22:14 +00:00
wiz
4e51b63904 Updated wireshark to 2.0.4.
Wireshark 2.0.4 Release Notes
What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-29
       The SPOOLS dissector could go into an infinite loop. Discovered by
       the CESG.
     * [2]wnpa-sec-2016-30
       The IEEE 802.11 dissector could crash. ([3]Bug 11585)
     * [4]wnpa-sec-2016-31
       The IEEE 802.11 dissector could crash. Discovered by Mateusz
       Jurczyk. ([5]Bug 12175)
     * [6]wnpa-sec-2016-32
       The UMTS FP dissector could crash. ([7]Bug 12191)
     * [8]wnpa-sec-2016-33
       Some USB dissectors could crash. Discovered by Mateusz Jurczyk.
       ([9]Bug 12356)
     * [10]wnpa-sec-2016-34
       The Toshiba file parser could crash. Discovered by iDefense Labs.
       ([11]Bug 12394)
     * [12]wnpa-sec-2016-35
       The CoSine file parser could crash. Discovered by iDefense Labs.
       ([13]Bug 12395)
     * [14]wnpa-sec-2016-36
       The NetScreen file parser could crash. Discovered by iDefense Labs.
       ([15]Bug 12396)
     * [16]wnpa-sec-2016-37
       The Ethernet dissector could crash. ([17]Bug 12440)

   The following bugs have been fixed:
     * Saving pcap capture file with ERF encapsulation creates an invalid
       pcap file. ([18]Bug 3606)
     * Questionable calling of Ethernet dissector by encapsulating
       protocol dissectors. ([19]Bug 9933)
     * Wireshark 1.12.0 does not dissect HTTP correctly. ([20]Bug 10335)
     * Don't copy details of hidden columns. ([21]Bug 11788)
     * RTP audio player crashes. ([22]Bug 12166)
     * Crash when saving RTP audio Telephony->RTP->RTP
       Streams->Analyze->Save->Audio. ([23]Bug 12211)
     * Edit - preferences - add column field not showing dropdown for
       choices. ([24]Bug 12321)
     * Using _ws.expert in a filter can cause a crash. ([25]Bug 12335)
     * Crash in SCCP dissector UAT (Qt UI only). ([26]Bug 12364)
     * J1939 frame without data = malformed packet ? ([27]Bug 12366)
     * The stream number in tshark's "-z follow,tcp,<stream number>"
       option is 0-origin rather than 1-origin. ([28]Bug 12383)
     * IP Header Length display filter should show calculated value.
       ([29]Bug 12387)
     * Multiple file radio buttons should be check boxes. ([30]Bug 12388)
     * Wrong check for getaddrinfo and gethostbyname on Solaris 11.
       ([31]Bug 12391)
     * ICMPv6 dissector doesn't respect actual packet length. ([32]Bug
       12400)
     * Format DIS header timestamp mm:ss.nnnnnn. ([33]Bug 12402)
     * RTP Stream Analysis can no longer be sorted in 2.0.3. ([34]Bug
       12405)
     * RTP Stream Analysis fails to complete in 2.0.3 when packets are
       sliced. ([35]Bug 12406)
     * Network-Layer Name Resolution uses first 32-bits of IPv6 DNS
       address as IPv4 address in some circumstances. ([36]Bug 12412)
     * BACnet decoder incorrectly flags a valid APDU as a "Malformed
       Packet". ([37]Bug 12422)
     * Valid ISUP messages marked with warnings. ([38]Bug 12423)
     * Profile command line switch "-C" not working in Qt interface.
       ([39]Bug 12425)
     * MRCPv2: info column not showing info correctly. ([40]Bug 12426)
     * Diameter: Experimental result code 5142. ([41]Bug 12428)
     * Tshark crashes when analyzing RTP due to pointer being freed not
       allocated. ([42]Bug 12430)
     * NFS: missing information in getattr for supported exclusive create
       attributes. ([43]Bug 12435)
     * Ethernet type field with a value of 9100 is shown as "Unknown".
       ([44]Bug 12441)
     * Documentation does not include support for Windows Server 2012 R2.
       ([45]Bug 12455)
     * Column preferences ruined too easily. ([46]Bug 12465)
     * SMB Open andX extended response decoded incorrectly. ([47]Bug
       12472)
     * SMB NtCreate andX with extended response sometimes incorrect.
       ([48]Bug 12473)
     * Viewing NFSv3 Data, checking SRTs doesn't work. ([49]Bug 12478)
     * Make wireshark with Qt enabled buildable on ARM. ([50]Bug 12483)

  Updated Protocol Support

   AFS, ANSI IS-637 A, BACapp, BT BNEP, Cisco FabricPath MiM, CSN.1,
   DCERPC SPOOLS, DIS, Ethernet, GSM A RR, ICMPv6, IEEE 802.11, IPv4,
   ISUP, J1939, JXTA, LAPSat, LPADm, LTE-RRC, MRCPv2, NFS, OpenFlow,
   SGsAP, SMB, STT, TZSP, UMTS FP, and USB

  New and Updated Capture File Support

   Aethra, Catapult DCT2000, CoSine, DBS Etherwatch, ERF, iSeries, Ixia
   IxVeriWave, NetScreen, Toshiba, and VMS TCPIPtrace
2016-06-11 14:40:17 +00:00
wiz
b3dcb0d7cf Updated wireshark to 2.0.3.
Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-01
       DLL hijacking vulnerability. [2]CVE-2016-2521
     * [3]wnpa-sec-2016-02
       ASN.1 BER dissector crash. ([4]Bug 11828) [5]CVE-2016-2522
     * [6]wnpa-sec-2016-03
       DNP dissector infinite loop. ([7]Bug 11938) [8]CVE-2016-2523
     * [9]wnpa-sec-2016-04
       X.509AF dissector crash. ([10]Bug 12002) [11]CVE-2016-2524
     * [12]wnpa-sec-2016-05
       HTTP/2 dissector crash. ([13]Bug 12077) [14]CVE-2016-2525
     * [15]wnpa-sec-2016-06
       HiQnet dissector crash. ([16]Bug 11983) [17]CVE-2016-2526
     * [18]wnpa-sec-2016-07
       3GPP TS 32.423 Trace file parser crash. ([19]Bug 11982)
       [20]CVE-2016-2527
     * [21]wnpa-sec-2016-08
       LBMC dissector crash. ([22]Bug 11984) [23]CVE-2016-2528
     * [24]wnpa-sec-2016-09
       iSeries file parser crash. ([25]Bug 11985) [26]CVE-2016-2529
     * [27]wnpa-sec-2016-10
       RSL dissector crash. ([28]Bug 11829) [29]CVE-2016-2530
       [30]CVE-2016-2531
     * [31]wnpa-sec-2016-11
       LLRP dissector crash. ([32]Bug 12048) [33]CVE-2016-2532
     * [34]wnpa-sec-2016-12
       Ixia IxVeriWave file parser crash. ([35]Bug 11795)
     * [36]wnpa-sec-2016-13
       IEEE 802.11 dissector crash. ([37]Bug 11818)
     * [38]wnpa-sec-2016-14
       GSM A-bis OML dissector crash. ([39]Bug 11825)
     * [40]wnpa-sec-2016-15
       ASN.1 BER dissector crash. ([41]Bug 12106)
     * [42]wnpa-sec-2016-16
       SPICE dissector large loop. ([43]Bug 12151)
     * [44]wnpa-sec-2016-17
       NFS dissector crash.
     * [45]wnpa-sec-2016-18
       ASN.1 BER dissector crash. ([46]Bug 11822)

   The following bugs have been fixed:
     * HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP
       streams" option is enabled. ([47]Bug 9848)
     * Questionable calling of ethernet dissector by encapsulating
       protocol dissectors. ([48]Bug 9933)
     * [Qt & Legacy & probably TShark too] Delta Time Conversation column
       is empty. ([49]Bug 11559)
     * extcap: abort when validating capture filter for DLT 147. ([50]Bug
       11656)
     * Missing columns in Qt Flow Graph. ([51]Bug 11710)
     * Interface list doesn't show well when the list is very long.
       ([52]Bug 11733)
     * Unable to use saved Capture Filters in Qt UI. ([53]Bug 11836)
     * extcap: Capture interface options snaplen, buffer and promiscuous
       not being used. ([54]Bug 11865)
     * Improper RPC reassembly ([55]Bug 11913)
     * GTPv1 Dual Stack with one static and one Dynamic IP. ([56]Bug
       11945)
     * Wireshark 2.0.1 MPLS dissector not decoding payload when control
       word is present in pseudowire. ([57]Bug 11949)
     * "...using this filter" turns white (not green or red). Plus
       dropdown arrow does nothing. ([58]Bug 11950)
     * EIGRP field eigrp.ipv4.destination does not show the correct
       destination. ([59]Bug 11953)
     * tshark -z conv,type[,filter] swapped frame / byte values from / to
       columns. ([60]Bug 11959)
     * The field name nstrace.tcpdbg.tcpack should be
       nstrace.tcpdbg.tcprtt. ([61]Bug 11964)
     * 6LoWPAN IPHC traffic class not decompressed correctly. ([62]Bug
       11971)
     * Crash with snooping NFS file handles. ([63]Bug 11972)
     * 802.11 dissector fails to decrypt some broadcast messages. ([64]Bug
       11973)
     * Wireshark hangs when adding a new profile. ([65]Bug 11979)
     * Issues when closing the application with a running capture without
       packets. ([66]Bug 11981)
     * New Qt UI lacks ability to step through multiple TCP streams with
       Analyze > Follow > TCP Stream. ([67]Bug 11987)
     * GTK: plugin_if_goto_frame causes Access Violation if called before
       capture file is loaded. ([68]Bug 11989)
     * Wireshark 2.0.1 crash on start. ([69]Bug 11992)
     * Wi-Fi 4-way handshake 4/4 is displayed as 2/4. ([70]Bug 11994)
     * ACN: acn.dmx.data has incorrect type. ([71]Bug 11999)
     * editcap packet comment won't add multiple comments. ([72]Bug 12007)
     * DICOM Sequences no longer able to be expanded. ([73]Bug 12011)
     * Wrong TCP stream when port numbers are reused. ([74]Bug 12022)
     * SSL decryption fails in presence of a Client certificate. ([75]Bug
       12042)
     * LUA: TVBs backing a data source is freed too early. ([76]Bug 12050)
     * PIM: pim.group filter have the same name for IPv4 and IPv6.
       ([77]Bug 12061)
     * Failed to parse M3AP IE (TNL information). ([78]Bug 12070)
     * Wrong interpretation of Instance ID value in OSPFv3 packet.
       ([79]Bug 12072)
     * MP2T Dissector does parse RTP properly in 2.0.1. ([80]Bug 12099)
     * editcap does not adjust time for frames with absolute timestamp 0 <
       t < 1 secs. ([81]Bug 12116)
     * Guard Interval is not consistent between Radiotap & wlan_radio.
       ([82]Bug 12123)
     * Calling dumpcap -i- results in access violation. ([83]Bug 12143)
     * Qt: Friendly Name and Interface Name columns should not be
       editable. ([84]Bug 12146)
     * PPTP GRE call ID not always decoded. ([85]Bug 12149)
     * Interface list does not show device description anymore. ([86]Bug
       12156)
     * Find Packet does not highlight the matching tree item or packet
       bytes. ([87]Bug 12157)
     * "total block length ... is too large" error when opening pcapng
       file with multiple SHB sections. ([88]Bug 12167)
     * http.request.full_uri is malformed if an HTTP Proxy is used.
       ([89]Bug 12176)
     * SNMP dissector fails at msgSecurityParameters with long length
       encoding. ([90]Bug 12181)

  Updated Protocol Support

   6LoWPAN, ACN, ASN.1 BER, BATADV, DICOM, DNP3, DOCSIS INT-RNG-REQ, E100,
   EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, HTTP, HTTP/2, IEEE 802.11,
   IKEv2, InfiniBand, IPv4, IPv6, LBMC, LLRP, M3AP, MAC LTE, MP2T, MPLS,
   NFS, NS Trace, OSPF, PIM, PPTP, RLC LTE, RoHC, RPC, RSL, SNMP, SPICE,
   SSL, TCP, TRILL, VXLAN, WaveAgent, and X.509AF

  New and Updated Capture File Support

   3GPP TS 32.423 Trace, iSeries, Ixia IxVeriWave, pcap, and pcapng
2016-04-24 10:02:13 +00:00
wiz
a2ba8d69ae Make wireshark2 the new default wireshark, since it is the default stable
version upstream.
2016-03-03 13:33:14 +00:00
ryoon
37d698c783 Update to 1.12.9
Changelog:
                         Wireshark 1.12.9 Release Notes
     __________________________________________________________________

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.
     __________________________________________________________________

What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2015-31
       NBAP dissector crashes. ([2]Bug 11602, [3]Bug 11835, [4]Bug 11841)
     * [5]wnpa-sec-2015-32
       UMTS FP dissector crashes. ([6]Bug 11602, [7]Bug 11606)
     * [8]wnpa-sec-2015-33
       DCOM dissector crash. ([9]Bug 11610)
     * [10]wnpa-sec-2015-34
       AllJoyn dissector infinite loop. ([11]Bug 11607)
     * [12]wnpa-sec-2015-35
       T.38 dissector crash. ([13]Bug 9887)
     * [14]wnpa-sec-2015-36
       SDP dissector crash. ([15]Bug 9887)
     * [16]wnpa-sec-2015-37
       NLM dissector crash.
     * [17]wnpa-sec-2015-38
       DNS dissector crash. ([18]Bug 10988)
     * [19]wnpa-sec-2015-39
       BER dissector crash.
     * [20]wnpa-sec-2015-40
       Zlib decompression crash. ([21]Bug 11548)
     * [22]wnpa-sec-2015-41
       SCTP dissector crash. ([23]Bug 11767)
     * [24]wnpa-sec-2015-42
       802.11 decryption crash. ([25]Bug 11790, [26]Bug 11826)
     * [27]wnpa-sec-2015-43
       DIAMETER dissector crash. ([28]Bug 11792)
     * [29]wnpa-sec-2015-44
       VeriWave file parser crashes. ([30]Bug 11789, [31]Bug 11791)
     * [32]wnpa-sec-2015-45
       RSVP dissector crash. ([33]Bug 11793)
     * [34]wnpa-sec-2015-46
       ANSI A & GSM A dissector crashes. ([35]Bug 11797)
     * [36]wnpa-sec-2015-47
       Ascend file parser crash. ([37]Bug 11794)
     * [38]wnpa-sec-2015-48
       NBAP dissector crash. ([39]Bug 11815)
     * [40]wnpa-sec-2015-49
       RSL dissector crash. ([41]Bug 11829)
     * [42]wnpa-sec-2015-50
       ZigBee ZCL dissector crash. ([43]Bug 11830)
     * [44]wnpa-sec-2015-51
       Sniffer file parser crash. ([45]Bug 11827)

   The Windows installers are now built using NSIS 2.50 in order to avoid
   [46]DLL hijacking flaws.

   The following bugs have been fixed:
     * Zooming out (Ctrl+-) too far crashes Wireshark. ([47]Bug 8854)
     * IPv6 Next Header is Unknown yet Wireshark tries parsing an IPv6
       Extension Header. ([48]Bug 9996)
     * IPv6 Mobility Header Link-Layer Address Mobility Option is parsed
       incorrectly. ([49]Bug 10627)
     * Windows Wireshark Installer does not detect WinPcap which is
       already installed. ([50]Bug 10867)
     * SSL Decrypted Packet Not Decoded As HTTP. ([51]Bug 10984)
     * Wireshark crashes when using the VoIP player. ([52]Bug 11596)
     * [GSMTAP] Incorrect decoding of MS Radio Access Capability using
       alternative coding. ([53]Bug 11599)
     * TCP sequence analysis (expert info) does not work in 802.1ah
       frames. ([54]Bug 11629)
     * No correct GVCP info message for READREG_ACK command. ([55]Bug
       11639)
     * Bug in EtherCAT dissector with mailbox response. ([56]Bug 11652)
     * NLM v4 statistics crash. ([57]Bug 11654)
     * Malformed packet with IPv6 mobility header. ([58]Bug 11728)
     * LDAP decode shows invalid number of results for searchResEntry
       packets. ([59]Bug 11761)
     * IPv6 RPL Routing Header with length of 8 bytes still reads an
       address. ([60]Bug 11803)
     * g_utf8_validate assertion when reassembling GSM SMS messages
       encoded in UCS2. ([61]Bug 11809)
     * MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong.
       ([62]Bug 11921)

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   6LoWPAN, 802.1ah, AllJoyn, ANSI A, ASN.1 BER, CLNP, CMS, DCOM,
   DIAMETER, DNS, ERF, GSM A, GSM SMS, GTP, GVCP, HiSLIP, IEEE 802.11,
   IPv4, IPv6, L2TP, LDAP, MIP6, MP2T, NBAP, NLM, ONC RPC, PCP, RSL, RSVP,
   SCTP, SDP, SIGCOMP, SNMP, SPDY, T.38, UMTS FP, and ZigBee ZCL

  New and Updated Capture File Support

   Ascend, ERF, Sniffer, and VeriWave
     __________________________________________________________________

Getting Wireshark

   Wireshark source code and installation packages are available from
   [63]https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [64]download page on the Wireshark web site.
     __________________________________________________________________

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.
     __________________________________________________________________

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([65]Bug 1419)

   The BER dissector might infinitely loop. ([66]Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   ([67]Bug 1814)

   Filtering tshark captures with read filters (-R) no longer works.
   ([68]Bug 2234)

   The 64-bit Windows installer does not support Kerberos decryption.
   ([69]Win64 development page)

   Resolving ([70]Bug 9044) reopens ([71]Bug 3528) so that Wireshark no
   longer automatically decodes gzip data when following a TCP stream.

   Application crash when changing real-time option. ([72]Bug 4035)

   Hex pane display issue after startup. ([73]Bug 4056)

   Packet list rows are oversized. ([74]Bug 4357)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([75]Bug 4985)
     __________________________________________________________________

Getting Help

   Community support is available on [76]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [77]the web site.

   Official Wireshark training and certification are available from
   [78]Wireshark University.
     __________________________________________________________________

Frequently Asked Questions

   A complete FAQ is available on the [79]Wireshark web site.
     __________________________________________________________________

   Last updated 2015-12-29 08:48:09 PST

References

   1. https://www.wireshark.org/security/wnpa-sec-2015-31.html
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
   3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841
   5. https://www.wireshark.org/security/wnpa-sec-2015-32.html
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606
   8. https://www.wireshark.org/security/wnpa-sec-2015-33.html
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
  10. https://www.wireshark.org/security/wnpa-sec-2015-34.html
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
  12. https://www.wireshark.org/security/wnpa-sec-2015-35.html
  13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
  14. https://www.wireshark.org/security/wnpa-sec-2015-36.html
  15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
  16. https://www.wireshark.org/security/wnpa-sec-2015-37.html
  17. https://www.wireshark.org/security/wnpa-sec-2015-38.html
  18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988
  19. https://www.wireshark.org/security/wnpa-sec-2015-39.html
  20. https://www.wireshark.org/security/wnpa-sec-2015-40.html
  21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548
  22. https://www.wireshark.org/security/wnpa-sec-2015-41.html
  23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767
  24. https://www.wireshark.org/security/wnpa-sec-2015-42.html
  25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
  26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826
  27. https://www.wireshark.org/security/wnpa-sec-2015-43.html
  28. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792
  29. https://www.wireshark.org/security/wnpa-sec-2015-44.html
  30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789
  31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
  32. https://www.wireshark.org/security/wnpa-sec-2015-45.html
  33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11793
  34. https://www.wireshark.org/security/wnpa-sec-2015-46.html
  35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797
  36. https://www.wireshark.org/security/wnpa-sec-2015-47.html
  37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794
  38. https://www.wireshark.org/security/wnpa-sec-2015-48.html
  39. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815
  40. https://www.wireshark.org/security/wnpa-sec-2015-49.html
  41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
  42. https://www.wireshark.org/security/wnpa-sec-2015-50.html
  43. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
  44. https://www.wireshark.org/security/wnpa-sec-2015-51.html
  45. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
  46. http://nsis.sourceforge.net/Docs/AppendixF.html
  47. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8854
  48. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9996
  49. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10627
  50. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10867
  51. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10984
  52. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11596
  53. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11599
  54. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11629
  55. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11639
  56. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11652
  57. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11654
  58. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11728
  59. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11761
  60. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11803
  61. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11809
  62. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11921
  63. https://www.wireshark.org/download.html
  64. https://www.wireshark.org/download.html#thirdparty
  65. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
  66. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
  67. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
  68. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
  69. https://wiki.wireshark.org/Development/Win64
  70. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
  71. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
  72. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
  73. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
  74. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
  75. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
  76. https://ask.wireshark.org/
  77. https://www.wireshark.org/lists/
  78. http://www.wiresharktraining.com/
  79. https://www.wireshark.org/faq.html
2016-01-02 11:39:56 +00:00
adam
ef10b7be91 Added qt5 as an option.
Avoid SDK build on OS X.
2015-11-06 17:35:26 +00:00
wiz
84be75b69a Update wireshark to 1.12.8, fix two pkglint warnings while here.
What's New

  Bug Fixes

   The following vulnerabilities have been fixed.
     * [1]wnpa-sec-2015-30
       Pcapng file parser crash. Discovered by Dario Lombardo and Shannon
       Sabens. ([2]Bug 11455) [3]CVE-2015-7830

   The following bugs have been fixed:
     * Last Address field for IPv6 RPL routing header is interpreted
       incorrectly. ([4]Bug 10560)
     * Comparing two capture files crashes Wireshark when navigating the
       results. ([5]Bug 11098)
     * 802.11 frame is not correctly dissected if it contains HT Control.
       ([6]Bug 11351)
     * GVCP bit-fields not updated. ([7]Bug 11442)
     * Tshark crash when specifying ssl.keys_list on CLI. ([8]Bug 11443)
     * pcapng: SPB capture length is incorrectly truncated if IDB snaplen
       = 0. ([9]Bug 11483)
     * pcapng: NRB IPv4 address is endian swapped but shouldn't be.
       ([10]Bug 11484)
     * pcapng: NRB with options causes file read failure. ([11]Bug 11485)
     * pcapng: ISB without if_drop option is shown as max value. ([12]Bug
       11489)
     * UNISTIM dissector - Message length not included in offset for
       "Select Adjustable Rx Volume". ([13]Bug 11497)

  Updated Protocol Support

   DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM
2015-10-21 09:12:10 +00:00
tnn
a0715af648 Update to wireshark-1.12.7.
Full ChangeLog since 1.10.14 is too long to include. A few highlights:

- Expert information is now filterable when the new API is in use.
- "malformed" display filter has been renamed to "_ws.malformed".
- Transport name resolution is now disabled by default.
- Support has been added for all versions of the DCBx protocol.
- Cleanup of LLDP code, all dissected fields are now navigable.
- Dissector output may be encoded as UTF-8. This includes TShark output.
- The ASN1 plugin has been removed as it's deemed obsolete.
- The GNM dissector has been removed as it was never used.
- The Kerberos dissector has been replaced by one generated from ASN1 code.
- A more flexible, modular memory manager (wmem) has been added.
- A new API for expert information has been added, replacing the old one.
- The tvbuff API has been cleaned up.
- Support for 80+ new protocols
2015-09-12 19:03:59 +00:00
dsainty
295df7a5e7 Fix shell syntax to work with pdksh.
This is already fixed in upstream's repository.
2015-07-10 08:13:41 +00:00
tron
b2599aa401 Update "wireshark" package to version 1.10.14. Changes since 1.10.13:
- Bug Fixes
  The following vulnerabilities have been fixed.
  * wnpa-sec-2015-14
    The WCP dissector could crash while decompressing data. (Bug 10978)
    CVE-2015-3811
  * wnpa-sec-2015-15
    The X11 dissector could leak memory. (Bug 11088)
    CVE-2015-3812
  * wnpa-sec-2015-17
    The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110)
    CVE-2015-3814
  The following bugs have been fixed:
  * Wireshark crashes if "Update list of packets in real time" is
    disabled and a display filter is applied while capturing. (Bug 6217)
  * Wireshark relative ISN set incorrectly if raw ISN set to 0.
    (Bug 10713)
  * Buffer overrun in encryption code. (Bug 10849)
  * ICMP Parameter Problem message contains Length of original datagram
    is treated as the total IPv4 length. (Bug 10991)
  * ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug
    10992)
  * Interface Identifier incorrectly represented by Wireshark. (Bug
    11053)
  * Annoying popup when trying to capture on bonding devices on Linux.
    (Bug 11058)
  * CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)
  * Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)
  * packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn't filter ENUM. (Bug 11120)
  * Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP".
    (Bug 11141)
- Updated Protocol Support
  ASN.1 PER, CANopen, GSM RLC/MAC, GSMTAP, ICMP, IEEE 802.11, LPP,
  MEGACO, PKCS-1, PPP IPv6CP, SRVLOC, SSL, TCP, WCP, X11, and ZigBee ZCL
- New and Updated Capture File Support
  Savvius OmniPeek Visual Networks
2015-05-15 18:02:13 +00:00
tron
b2727a2bf2 Update "wireshark" package to version 1.10.13. Changes since 1.10.12:
- Bug Fixes
  The following vulnerabilities have been fixed.
    * wnpa-sec-2015-07
      The WCP dissector could crash. (Bug 10844) CVE-2015-2188
    * wnpa-sec-2015-08
      The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
    * wnpa-sec-2015-10
      The TNEF dissector could go into an infinite loop. Discovered by
      Vlad Tsyrklevich. (Bug 11023) CVE-2015-2190
  The following bugs have been fixed:
    * IPv6 AUTH mobility option parses Mobility SPI and Authentication
      Data incorrectly. (Bug 10626)
    * DHCP Option 125 Suboption: (1) option-len always expects 1 but
      specification allows for more. (Bug 10784)
    * Little-endian OS X Bluetooth PacketLogger files aren't handled.
      (Bug 10861)
    * X.509 certificate serial number incorrectly interpreted as negative
      number. (Bug 10862)
    * H.248 "ServiceChangeReasonStr" messages are not shown in text
      generated by tshark. (Bug 10879)
    * Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI.
      (Bug 10897)
    * MEGACO wrong decoding on media port. (Bug 10898)
    * Wrong media format. (Bug 10899)
    * BSSGP Status PDU decoding fault (missing Mandatory element (0x04)
      BVCI for proper packet). (Bug 10903)
    * Packets on OpenBSD loopback decoded as raw not null. (Bug
      10956)
    * Display Filter Macro unable to edit. (Bug 10957)
    * IPv6 Local Mobility Anchor Address mobility option code is treated
      incorrectly. (Bug 10961)
    * Juniper Packet Mirror dissector expects ipv6 flow label = 0.
      (Bug 10976)
    * Infinite loop DoS in TNEF dissector. (Bug 11023)
- Updated Protocol Support
  ANSI IS-637-A, DHCP, GSM MAP, H.248, IPv6, Juniper Jmirror, and X.509AF
- New and Updated Capture File Support
  PacketLogger, and Pcapng
2015-03-09 09:04:25 +00:00
tron
e0d049a0a4 Update "wireshark" package to version 1.10.12. Changes since 1.10.11:
- Bug Fixes
  The following vulnerabilities have been fixed.
    * wnpa-sec-2014-20
      SigComp UDVM buffer overflow. (Bug 10662)
      CVE-2014-8710
    * wnpa-sec-2014-21
      AMQP crash. (Bug 10582) CVE-2014-8711
    * wnpa-sec-2014-22
      NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712
      CVE-2014-8713
    * wnpa-sec-2014-23
      TN5250 infinite loops. (Bug 10596) CVE-2014-8714
  The following bugs have been fixed:
    * 6LoWPAN Mesh headers not treated as encapsulating address.
      (Bug 10462)
    * UCP dissector bug of operation 31 - PID 0639 not
      recognized. (Bug 10463)
    * iSCSI dissector rejects PDUs with "expected data transfer
      length" > 16M. (Bug 10469)
    * GTPv2: trigging_tree under Trace information has wrong
      length. (Bug 10470)
    * Attempt to render an SMS-DELIVER-REPORT instead of an
      SMS-DELIVER. (Bug 10547)
    * IPv6 Mobility Option IPv6 Address/Prefix marks too many
      bytes for the address/prefix field. (Bug 10576)
    * IPv6 Mobility Option Binding Authorization Data for FMIPv6
      Authenticator field is read beyond the option data.
      (Bug 10577)
    * IPv6 Mobility Option Mobile Node Link Layer Identifier
      Link-layer Identifier field is read beyond the option data.
      (Bug 10578)
    * Malformed PTPoE announce packet. (Bug 10611)
    * IPv6 Permanent Home Keygen Token mobility option includes
      too many bytes for the token field. (Bug 10619)
    * IPv6 Redirect Mobility Option K and N bits are parsed
      incorrectly. (Bug 10622)
    * IPv6 Care Of Test mobility option includes too many bytes
      for the Keygen Token field. (Bug 10624)
    * IPv6 MESG-ID mobility option is parsed incorrectly.
      (Bug 10625)
    * IPv6 AUTH mobility option parses Mobility SPI and
      Authentication Data incorrectly. (Bug 10626)
    * IPv6 DNS-UPDATE-TYPE mobility option includes too many
      bytes for the MD identity field. (Bug 10629)
    * IPv6 Local Mobility Anchor Address mobility option's code
      and reserved fields are parsed as 2 bytes instead of 1.
      (Bug 10630)
    * TShark crashes when running with PDML on a specific packet.
      (Bug 10651)
    * IPv6 Mobility Option Context Request reads an extra
      request. (Bug 10676)
- Updated Protocol Support
  6LoWPAN, AMQP, GSM MAP, GTPv2, H.223, IEEE 802.11, iSCSI, MIH,
  Mobile IPv6, PTPoE, TN5250, and UCP
- New and Updated Capture File Support
  Catapult DCT2000, HP-UX nettl, pcap-ng, and Sniffer (DOS)
2015-01-08 18:51:44 +00:00
tron
12439e7b8b Update "wireshark" package to version 1.10.11. Changes since 1.10.10:
- Bug Fixes
  The following vulnerabilities have been fixed.
    * wnpa-sec-2014-20
      SigComp UDVM buffer overflow. (Bug 10662)
      CVE-2014-8710
    * wnpa-sec-2014-21
      AMQP crash. (Bug 10582) CVE-2014-8711
    * wnpa-sec-2014-22
      NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712
      CVE-2014-8713
    * wnpa-sec-2014-23
      TN5250 infinite loops. (Bug 10596) CVE-2014-8714
  The following bugs have been fixed:
    * 6LoWPAN Mesh headers not treated as encapsulating address.
      (Bug 10462)
    * UCP dissector bug of operation 31 - PID 0639 not
      recognized. (Bug 10463)
    * iSCSI dissector rejects PDUs with "expected data transfer
      length" > 16M. (Bug 10469)
    * GTPv2: trigging_tree under Trace information has wrong
      length. (Bug 10470)
    * Attempt to render an SMS-DELIVER-REPORT instead of an
      SMS-DELIVER. (Bug 10547)
    * IPv6 Mobility Option IPv6 Address/Prefix marks too many
      bytes for the address/prefix field. (Bug 10576)
    * IPv6 Mobility Option Binding Authorization Data for FMIPv6
      Authenticator field is read beyond the option data.
      (Bug 10577)
    * IPv6 Mobility Option Mobile Node Link Layer Identifier
      Link-layer Identifier field is read beyond the option data.
      (Bug 10578)
    * Malformed PTPoE announce packet. (Bug 10611)
    * IPv6 Permanent Home Keygen Token mobility option includes
      too many bytes for the token field. (Bug 10619)
    * IPv6 Redirect Mobility Option K and N bits are parsed
      incorrectly. (Bug 10622)
    * IPv6 Care Of Test mobility option includes too many bytes
      for the Keygen Token field. (Bug 10624)
    * IPv6 MESG-ID mobility option is parsed incorrectly.
      (Bug 10625)
    * IPv6 AUTH mobility option parses Mobility SPI and
      Authentication Data incorrectly. (Bug 10626)
    * IPv6 DNS-UPDATE-TYPE mobility option includes too many
      bytes for the MD identity field. (Bug 10629)
    * IPv6 Local Mobility Anchor Address mobility option's code
      and reserved fields are parsed as 2 bytes instead of 1.
      (Bug 10630)
    * TShark crashes when running with PDML on a specific packet.
      (Bug 10651)
    * IPv6 Mobility Option Context Request reads an extra
      request. (Bug 10676)
- Updated Protocol Support
  6LoWPAN, AMQP, GSM MAP, GTPv2, H.223, IEEE 802.11, iSCSI, MIH,
  Mobile IPv6, PTPoE, TN5250, and UCP
- New and Updated Capture File Support
  Catapult DCT2000, HP-UX nettl, pcap-ng, and Sniffer (DOS)
2014-11-14 12:06:10 +00:00
tron
854aea2056 Update "wireshark" package to version 1.10.10. Changes since 1.10.9:
- The following vulnerabilities have been fixed.
  * wnpa-sec-2014-12
    RTP dissector crash. (Bug 9920) CVE-2014-6421
    CVE-2014-6422
  * wnpa-sec-2014-13
    MEGACO dissector infinite loop. (Bug 10333)
    CVE-2014-6423
  * wnpa-sec-2014-14
    Netflow dissector crash. (Bug 10370) CVE-2014-6424
  * wnpa-sec-2014-17
    RTSP dissector crash. (Bug 10381) CVE-2014-6427
  * wnpa-sec-2014-18
    SES dissector crash. (Bug 10454) CVE-2014-6428
  * wnpa-sec-2014-19
    Sniffer file parser crash. (Bug 10461)
    CVE-2014-6429 CVE-2014-6430 CVE-2014-6431
    CVE-2014-6432
- The following bugs have been fixed:
  * Wireshark can crash during remote capture (rpcap)
    configuration. (Bug 3554, Bug 6922,
    ws-buglink:7021)
  * MIPv6 Service Selection Identifier parse error. (Bug
    10323)
  * 802.11 BA sequence number decode is broken. (Bug 10334)
  * TRILL NLPID 0xc0 unknown to Wireshark. (Bug 10382)
  * Wrong decoding of RPKI RTR End of Data PDU. (Bug 10411)
  * Misparsed NTP control assignments with empty values.
    (Bug 10417)
  * 6LoWPAN multicast address decompression problems. (Bug
    10426)
  * GUI Hangs when Selecting Path to GeoIP Files. (Bug
    10434)
  * 6LoWPAN context handling not working. (Bug 10443)
  * SIP: When export to a CSV, Info is changed to differ.
    (Bug 10453)
  * Typo in packet-netflow.c. (Bug 10458)
  * UCP dissector bug of operation 30 - data not decoded.
    (Bug 10464)
- Updated Protocol Support
  6LoWPAN, DVB-CI, IEEE 802.11, MEGACO, MIPv6, Netflow, NTP, OSI,
  RPKI RTR, RTP, RTSP, SES, SIP, and UCP
- New and Updated Capture File Support
  DOS Sniffer, and NetScaler
2014-09-17 22:32:18 +00:00
tron
805a85e229 Update "wireshark" package to version 1.10.9. Changes since 1.10.8:
- The following vulnerabilities have been fixed.
  * wnpa-sec-2014-08
    The Catapult DCT2000 and IrDA dissectors could underrun a
    buffer.
    Versions affected: 1.10.0 to 1.10.8
  * wnpa-sec-2014-09
    The GSM Management dissector could crash. (Bug 10216)
    Versions affected: 1.10.0 to 1.10.8
  * wnpa-sec-2014-10
    The RLC dissector could crash. (Bug 9795)
    Versions affected: 1.10.0 to 1.10.8
  * wnpa-sec-2014-11
    The ASN.1 BER dissector could crash. (Bug 10187)
    Versions affected: 1.10.0 to 1.10.8
- The following bugs have been fixed:
  * GSM MAP: ensure that p2p_dir is always initialized before
    calling GSM SMS dissector (Bug 10234)
  * BFCP: include padding length in calculation of correct
    attribute length (Bug 10240)
  * GTP: allow empty Data Record Packet IE (Bug 10277)
  * WebSocket: increase max unmask payload size to 256K and
    indicate that packet is truncated if going above the new
    limit (Bug 10283)
2014-08-03 19:18:06 +00:00
tron
71c59815b1 Update "wireshark" package to version 1.10.8. Changes since 1.10.7:
- The following vulnerabilities have been fixed.
    * wnpa-sec-2014-07
      The frame metadissector could crash. (Bug 9999, Bug 10030)
      Versions affected: 1.10.0 to 1.10.7
      CVE-2014-4020
- The following bugs have been fixed:
    * VoIP flow graph crash upon opening. (Bug 9179)
    * Tshark with "-F pcap" still generates a pcapng file. (Bug 9991)
    * IPv6 Next Header 0x3d recognized as SHIM6. (Bug 9995)
    * Failed to export pdml on large pcap. (Bug 10081)
    * TCAP: set a fence on info column after calling sub
      dissector (Bug 10091)
    * Dissector bug in JSON protocol. (Bug 10115)
    * GSM RLC MAC: do not skip too many lines of the CSN_DESCR
      when the field is missing (Bug 10120)
    * Wireshark PEEKREMOTE incorrectly decoding QoS data packets
      from Cisco Sniffer APs. (Bug 10139)
    * IEEE 802.11: fix dissection of HT Capabilities (Bug 10166)
- Updated Protocol Support
  CIP, EtherNet/IP, GSM RLC MAC, IEEE 802.11, IPv6, and TCAP
- New and Updated Capture File Support
  pcap-ng, and PEEKREMOTE
2014-06-14 09:17:51 +00:00
tron
88df8c5224 Update "wireshark" package to version 1.10.7. Changes since 1.10.6:
- Bug Fixes
   The following vulnerabilities have been fixed.
     * wnpa-sec-2014-06
       The RTP dissector could crash. (Bug 9885)
       Versions affected: 1.10.0 to 1.10.6
       CVE-2014-2907
   The following bugs have been fixed:
     * RTP not decoded inside the conversation in v.1.10.1 (Bug 9021)
     * SIP/SDP: disabled second media stream disables all media
       streams (Bug 9835)
     * Lua: trying to get/access a Preference before its
       registered causes a segfault (Bug 9853)
     * Some value_string strings contain newlines. (Bug 9878)
     * Tighten the NO_MORE_DATA_CHECK macros (Bug 9932)
     * Fix crash when calling "MAP Summary" dialog when no file is
       open (Bug 9934)
     * Fix comparing a sequence number of TCP fragment when its
       value wraps over uint32_t limit (Bug 9936)
- Updated Protocol Support
  ANSI A, DVB-CI, GSM DTAP, GSM MAP, IEEE 802.11, LCSAP, LTE RRC,
  MAC LTE, Prism, RTP, SDP, SIP, and TCP
2014-04-23 18:10:37 +00:00
tron
cc77c34d1a Update "wireshark" package to version 1.10.6. Changes since 1.10.5:
- Bug Fixes
   The following vulnerabilities have been fixed.
     * wnpa-sec-2014-01
       The NFS dissector could crash. Discovered by Moshe Kaplan.
       (Bug 9672)
       Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
       CVE-2014-2281
     * wnpa-sec-2014-02
       The M3UA dissector could crash. Discovered by Laurent
       Butti. (Bug 9699)
       Versions affected: 1.10.0 to 1.10.5
       CVE-2014-2282
     * wnpa-sec-2014-03
       The RLC dissector could crash. (Bug 9730)
       Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
       CVE-2014-2283
     * wnpa-sec-2014-04
       The MPEG file parser could overflow a buffer. Discovered by
       Wesley Neelen. (Bug 9843)
       Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12
       CVE-2014-2299
   The following bugs have been fixed:
     * Customized OUI is not recognized correctly during
       dissection. (Bug 9122)
     * Properly decode CAPWAP Data Keep-Alives. (Bug 9165)
     * Build failure with GTK 3.10 - GTK developers have gone
       insane. (Bug 9340)
     * SIGSEGV/SIGABRT during free of TvbRange using a chained
       dissector in lua. (Bug 9483)
     * MPLS dissector no longer registers itself in "ppp.protocol"
       table. (Bug 9492)
     * Tshark doesn't display the longer data fields (mbtcp).
       (Bug 9572)
     * DMX-CHAN dissector does not clear strbuf between rows.
       (Bug 9598)
     * Dissector bug, protocol SDP: proto.c:4214: failed assertion
       "length >= 0". (Bug 9633)
     * False error: capture file appears to be damaged or corrupt.
       (Bug 9634)
     * SMPP field source_telematics_id field length different from
       spec. (Bug 9649)
     * Lua: bitop library is missing in Lua 5.2. (Bug 9720)
     * GTPv1-C / MM Context / Authentication quintuplet / RAND is
       not correct. (Bug 9722)
     * Lua: ProtoField.new() is buggy. (Bug 9725)
     * Lua: ProtoField.bool() VALUESTRING argument is not optional
       but was supposed to be. (Bug 9728)
     * Problem with CAPWAP Wireshark Dissector. (Bug 9752)
     * nas-eps dissector: CS Service notification dissection stops
       after Paging identity IE. (Bug 9789)
- New and Updated Features
  IPv4 checksum verification is now disabled by default.
- Updated Protocol Support
   AppleTalk, CAPWAP, DMX-CHAN, DSI, DVB-CI, ESS, GTPv1, IEEE
   802a, M3UA, Modbus/TCP, NAS-EPS, NFS, OpenSafety, SDP, and SMPP
- New and Updated Capture File Support
   libpcap, MPEG, and pcap-ng
2014-03-08 10:38:26 +00:00
tron
60c3a33e23 Update "wireshark" package to version 1.10.5. Changes since 1.10.4:
- The following bugs have been fixed:
  * Wireshark stops showing new packets but dumpcap keeps
    writing them to the temp file. (Bug 9571)
  * Wireshark 1.10.4 shuts down when promiscuous mode is
    unchecked. (Bug 9577)
  * Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector
    accessed an invalid memory address. (Bug 9578)
- Updated Protocol Support
  GSM BSSMAP, GSM BSSMAP LE, GSM SMS, Homeplug, NAS-EPS, and SGSAP
2013-12-22 09:55:48 +00:00
tron
0295b9af86 Update "wireshark" package to version 1.10.4. Changes since version 1.10.3:
- Bug Fixes
   The following vulnerabilities have been fixed.
     * wnpa-sec-2013-66
       The SIP dissector could go into an infinite loop.
       Discovered by Alain Botti. (Bug 9388)
       Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
       CVE-2013-7112
     * wnpa-sec-2013-67
       The BSSGP dissector could crash. Discovered by Laurent
       Butti. (Bug 9488)
       Versions affected: 1.10.0 to 1.10.3
       CVE-2013-7113
     * wnpa-sec-2013-68
       The NTLMSSP v2 dissector could crash. Discovered by Garming
       Sam.
       Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
       CVE-2013-7114
   The following bugs have been fixed:
     * "On-the-wire" packet lengths are limited to 65535 bytes.
       (Bug 8808, ws-buglink:9390)
     * Tx MCS set is not interpreted properly in WLAN beacon
       frame. (Bug 8894)
     * VoIP Graph Analysis window - some calls are black. (Bug
       8966)
     * Wireshark fails to decode single-line, multiple Contact:
       URIs in SIP responses. (Bug 9031)
     * epan/follow.c - Incorrect "bytes missing in capture file"
       in "check_fragments" due to an unsigned int wraparound?.
       (Bug 9112)
     * gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus
       result. (Bug 9382)
     * Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383)
     * Timestamp decoded for Gigamon trailer is not padded
       correctly. (Bug 9433)
     * SEL Fast Message Bug-fix for Signed 16-bit Integer Fast
       Meter Messages. (Bug 9435)
     * DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug
       9442)
     * GSM SMS User Data header fill bits are wrong when using a 7
       bits ASCII / IA5 encoding. (Bug 9478)
     * WCDMA RLC dissector cannot assemble PDUs with SNs skipped
       and wrap-arounded. (Bug 9505)
     * DTLS: fix buffer overflow in mac check. (Bug 9512)
     * Correct data length in SCSI_DATA_IN packets (within
       iSCSI). (Bug 9521)
     * GSM SMS UDH EMS control expects 4 octets instead of 3 with
       OPTIONAL 4th. (Bug 9550)
     * Fix "decode as ..." for packet-time.c. (Bug 9563)
- Updated Protocol Support
  ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS,
  IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time
2013-12-18 11:52:25 +00:00
tron
721c4457af Update "wireshark" package to version 1.10.3. Changes since 1.10.2:
- Bug Fixes
  The following vulnerabilities have been fixed.
    * wnpa-sec-2013-61
      The IEEE 802.15.4 dissector could crash. (Bug 9139)
      Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
      CVE-2013-6336
    * wnpa-sec-2013-62
      The NBAP dissector could crash. Discovered by Laurent
      Butti. (Bug 9168)
      Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
      CVE-2013-6337
    * wnpa-sec-2013-63
      The SIP dissector could crash. (Bug 9228)
      Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
      CVE-2013-6338
    * wnpa-sec-2013-64
      The OpenWire dissector could go into a large loop.
      Discovered by Murali. (Bug 9248)
      Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
      CVE-2013-6339
    * wnpa-sec-2013-65
      The TCP dissector could crash. (Bug 9263)
      Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
      CVE-2013-6340
- The following bugs have been fixed:
    * new_packet_list: EAP-TLS reassemble does not happen when
      NEW_PACKET_LIST is toggled. (Bug 5349)
    * TLS decryption fails with XMPP start_tls. (Bug 8871)
    * Wrong Interpretation of GTS starting slot. (Bug 8946)
    * "Follow TCP Stream" shows only the first HTTP req+res.
      (Bug 9044)
    * The value of SEND_TO_UE in the DIAMETER Gx dictionary for
      Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126)
    * Crash then try to delete the same entry (length range)
      twice. (Bug 9129)
    * Crash if wrong "packet lengths range" entered. (Bug
      9130)
    * Bssgp => SGSN-INVOKE-TRACE use the wrong function...
      (Bug 9157)
    * Minor correction to dissection of DLR frames in Ethernet/IP
      dissector. (Bug 9186)
    * WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198)
    * EDNS0 "Higher bits in extended RCODE" incorrectly decoded
      in packet-dns.c. (Bug 9199)
    * Files with pcap-ng Simple Packet Blocks can't be read.
      (Bug 9200)
    * Bug in RTP dissector if RTP extension is present. (Bug
      9204)
    * Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11
      Registration Request. (Bug 9206)
    * "make debian-package" fails, missing wsicon32.xpm. (Bug
      9209)
    * Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218)
    * Ring buffer crash when tshark gets too far behind dumpcap.
      (Bug 9258)
    * PTP Dissector Wrongfully Reports Malformed Packet. (Bug
      9262)
    * Wireshark lua dissector unable to load for
      media_type=application/octet-stream. (Bug 9296)
    * Wireshark crash when dissecting packet with NTLMSSP.
      (Bug 9299)
    * Padding in uint64 field in DCERPC protocol wrongly
      reported. (Bug 9300)
    * DCERPC data_blobs are not correctly dissected when NDR64
      encoding is used. (Bug 9301)
    * Multiple PDUs in the same DCERPC packet are not correctly
      decrypted. (Bug 9302)
    * The tshark summary line doesn't display the frame number or
      displays it sporadically. (Bug 9317)
    * Bluetooth: SDP improvements and minor fixes. (Bug 9327)
    * Duplicate IRC header field abbreviation breaks filter
      (example: irc.response.command). (Bug 9360)
- Updated Protocol Support
  3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT,
  DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE
  802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP,
  WiMax, and XMPP
2013-11-02 10:30:00 +00:00
tron
c8f86bad79 Update "wireshark" package to version 1.10.2. Changes since 1.10.1:
- Bug Fixes
   The following vulnerabilities have been fixed.
     * wnpa-sec-2013-54
       The Bluetooth HCI ACL dissector could crash. Discovered by
       Laurent Butti. (Bug 8827)
       Versions affected: 1.10.0 to 1.10.1
     * wnpa-sec-2013-55
       The NBAP dissector could crash. Discovered by Laurent
       Butti. (Bug 9005)
       Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
     * wnpa-sec-2013-56
       The ASSA R3 dissector could go into an infinite loop.
       Discovered by Ben Schmidt. (Bug 9020)
       Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
     * wnpa-sec-2013-57
       The RTPS dissector could overflow a buffer. Discovered by
       Ben Schmidt. (Bug 9019)
       Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
     * wnpa-sec-2013-58
       The MQ dissector could crash. (Bug 9079)
       Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
     * wnpa-sec-2013-59
       The LDAP dissector could crash. Versions affected: 1.10.0
       to 1.10.1, 1.8.0 to 1.8.9
     * wnpa-sec-2013-60
       The Netmon file parser could crash. Discovered by G.
       Geshev. (Bug 8742)
       Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
- The following bugs have been fixed:
     * Lua ByteArray:append() causes wireshark crash. (Bug
       4461)
     * Lua script can not get "data-text-lines" protocol data.
       (Bug 5200)
     * Lua: Trying to use Field.new("tcp.segments") to get
       reassembled TCP data is failed. (Bug 5201)
     * "Edit Interface Settings": "Capture Filter" combo box is
       not populated across Wireshark sessions. (Bug 7278)
     * PER normally small non-negative whole number decoding is
       wrong when >= 64. (Bug 8841)
     * Strange behavior of tree expand/collapse in packet details.
       (Bug 8908)
     * Incorrect parsing of IPFIX *IpTotalLength elements.
       (Bug 8918)
     * IO graph/advanced, max/min/summ error on frames with
       multiple Diameter messages. (Bug 8980)
     * pod2man error on reordercap.pod. (Bug 8982)
     * SGI Nsym disambiguation is unconditionally displayed when
       dissecting VHT. (Bug 8989)
     * The Wireshark icon doesn't show up in OS X 10.5. (Bug
       8993)
     * Build fails if system Python is version 3+. (Bug 8995)
     * SCSI dissector does not parse PERSISTENT RESERVE commands
       correctly. (Bug 9012)
     * SDP messages throws an assert. (Bug 9022)
     * Wireshark fails to decode single-line, multiple Contact:
       URIs in SIP responses. (Bug 9031)
     * PN_MRP LinkUp Message is shown as LinkDown in info.
       (Bug 9035)
     * Dissector for EtherCAT: ADS highlighting in the Packet
       Bytes Pane is incorrect. (Bug 9036)
     * 802.11 HT Extended Capabilities B10 decode incorrect.
       (Bug 9038)
     * Wrong dissection of MSTI Root Identifiers for all MSTIs.
       (Bug 9088)
     * Weird malformed HTTP error. (Bug 9101)
     * Warning for attempting to install 64-bit Wireshark on a
       32-bit machine has an embedded "\n". (Bug 9103)
     * Wireshark crashes when using "Export Specified Packets" >
       "Displayed". (Bug 9106)
- Updated Protocol Support
  ASN.1 PER, ASSA R3, Bluetooth HCI ACL, EtherCAT AMS, GTPv2,
  HTTP, IEEE 802.11, IPFIX, ISDN SUP, LDAP, MQ, NBAP, Novell SSS,
  PROFINET MRP, Radiotap, ROHC, RTPS, SCSI, SIP, and STP
- New and Updated Capture File Support
  Microsoft Network Monitor, pcap-ng.
2013-09-11 12:00:01 +00:00
tron
5428b0b8df Update "wireshark" package to version 1.10.1. Changes since 1.10.0:
- The following vulnerabilities have been fixed.
  * wnpa-sec-2013-41
    The DCP ETSI dissector could crash. (Bug 8717)
    Versions affected: 1.10.0, 1.8.0 to 1.8.7
    CVE-2013-4083
  * wnpa-sec-2013-42
    The P1 dissector could crash. Discovered by Laurent Butti.
    (Bug 8826)
    Versions affected: 1.10.0
    CVE-2013-4920
  * wnpa-sec-2013-43
    The Radiotap dissector could crash. Discovered by Laurent
    Butti. (Bug 8830)
    Versions affected: 1.10.0
    CVE-2013-4921
  * wnpa-sec-2013-44
    The DCOM ISystemActivator dissector could crash. Discovered
    by Laurent Butti. (Bug 8828)
    Versions affected: 1.10.0
    CVE-2013-4924
    CVE-2013-4926
  * wnpa-sec-2013-45
    The Bluetooth SDP dissector could go into a large loop.
    Discovered by Laurent Butti. (Bug 8831)
    Versions affected: 1.10.0, 1.8.0 to 1.8.8
    CVE-2013-4927
  * wnpa-sec-2013-46
    The Bluetooth OBEX dissector could go into an infinite
    loop. (Bug 8875)
    Versions affected: 1.10.0
    CVE-2013-4928
  * wnpa-sec-2013-47
    The DIS dissector could go into a large loop. (Bug
    8911)
    Versions affected: 1.10.0, 1.8.0 to 1.8.8
    CVE-2013-4929
  * wnpa-sec-2013-48
    The DVB-CI dissector could crash. Discovered by Laurent
    Butti. (Bug 8916)
    Versions affected: 1.10.0, 1.8.0 to 1.8.8
    CVE-2013-4930
  * wnpa-sec-2013-49
    The GSM RR dissector (and possibly others) could go into a
    large loop. (Bug 8923)
    Versions affected: 1.10.0, 1.8.0 to 1.8.8
    CVE-2013-4931
  * wnpa-sec-2013-50
    The GSM A Common dissector could crash. (Bug 8940)
    Versions affected: 1.10.0, 1.8.0 to 1.8.8
    CVE-2013-4932
  * wnpa-sec-2013-51
    The Netmon file parser could crash. Discovered by G.
    Geshev. (Bug 8742)
    Versions affected: 1.10.0, 1.8.0 to 1.8.8
    CVE-2013-4934
  * wnpa-sec-2013-52
    The ASN.1 PER dissector could crash. Discovered by
    Oliver-Tobias Ripka. (Bug 8722)
    Versions affected: 1.10.0, 1.8.0 to 1.8.8
    CVE-2013-4935
  * wnpa-sec-2013-53
    The PROFINET Real-Time dissector could crash. (Bug
    8904)
    Versions affected: 1.10.0
    CVE-2013-4936
- The following bugs have been fixed:
  * Mark retransmitted SYN and FIN packets as retransmissions.
  * Wireshark hides under Taskbar. (Bug 3034)
  * IEEE 802.15.4 frame check sequence in "Chipcon mode" not
    displayed correctly. (Bug 4507)
  * Mask in Lua ProtoField.uint32() does not work as expected.
    (Bug 5734)
  * Crash when applying filter with Voip calls. (Bug 6090)
  * Delta time regressions to tshark introduced with SVN 45071.
    (Bug 8160)
  * Add MAC-DATA support to TETRA dissector and other minor
    improvements. (Bug 8708)
  * Crash analyzing VoIP Calls (T38). (Bug 8736)
  * Wireshark writes empty NRB FQDN which makes trace
    unloadable. (Bug 8763)
  * Quick launch icon is absent, so it shows up as a generic
    icon. (Bug 8773)
  * Wrong encoding for 2 pod files, UTF-8 characters in
    another. (Bug 8774)
  * SCSI (SPC) sense key specific information field must not
    include SKSV. (Bug 8782)
  * Wireshark crashes when closing Flow Graph with Graph
    Analysis opened. (Bug 8793)
  * Wrong size of LLRP ProtocolID Parameter in Accessspec
    Parameter. (Bug 8809)
  * Detection of IPv6 works only on Solaris 8. (Bug 8813)
  * ip.opt.type triggers for TCP NOP option. (Bug 8823)
  * DCOM-SYSACT dissector crash. (Bug 8828)
  * Incorrect decoding of MPLS Echo Request with BGP FEC.
    (Bug 8835)
  * Buggy IEC104 dissector caused by commit r48958. (Bug
    8849)
  * ansi_637_tele dissector displays MSB as MBS for Call-Back
    Number. (Bug 8851)
  * LISP Map-Notify flags I and R shown incorrectly. (Bug
    8852)
  * ONTAP_V4 fhandle decoding leads to dissector bug. (Bug
    8853)
  * Dropped bytes in imap dissector. (Bug 8857)
  * Kismet drone/server dissector improvements. (Bug 8864)
  * TShark iostat_draw sizeof mismatch. (Bug 8888)
  * SCTP bytes graph crash. (Bug 8889)
  * Patch to Wireshark/tshark usage info and man pages to
    document all timestamp (-t) options. (Bug 8906)
  * Strange behavior of tree expand/collapse in packet details.
    (Bug 8908)
  * Graph Filter field limited to 256 characters. (Bug
    8909)
  * Filter doesn't support cflow ASN larger than 65535.
    (Bug 8959)
  * Wireshark crashes when switching from a v1.11.0 profile to
    a v1.4.6 prof and then to a v1.5.1 prof. (Bug 8884)
  * SIP stats shows incorrect values for Max/Ave setup times.
    (Bug 8897)
  * NFSv4 delegation not reported correctly. (Bug 8920)
  * Issue with Capture Options Adapter List. (Bug 8932)
  * RFC 5844 - IPv4 Support for Proxy Mobile IPv6 - Mobility
    option IPv4 DHCP Support Mode Option malformed packet.
    (Bug 8957)
  * RFC 3775 - Mobility Support in IPv6 - Mobility option PadN
    incorrectly highlights + 2 bytes. (Bug 8958)
  * All mongodb query show as .
    (Bug 8960)
- Updated Protocol Support
  ANSI IS-637-A, ASN.1, ASN.1 PER, Bluetooth OBEX, Bluetooth SDB,
  DCERPC NDR, DCOM ISystemActivator, DCP ETSI, Diameter 3GPP,
  DIS, DVB-CI, Ethernet, GSM Common, GSM SMS, H.235, IEC104, IEEE
  802.15.4, IEEE 802a, IMAP, IP, KDSP, LISP, LLRP, MAC-LTE,
  Mobile IPv6, MONGO, MPLS Echo, Netflow, NFS, NFSv4, P1,
  PDCP-LTE, PN-IO, PN-RT, PPP, Radiotap, RLC, RLC-LTE, SCSI,
  SIP, SMTP, SoulSeek, TCP, TETRA, and VNC
- New and Updated Capture File Support
  Microsoft Network Monitor, pcap-ng.
2013-07-29 21:12:06 +00:00
adam
442767fdb2 Changes 1.10.0:
Wireshark on 32- and 64-bit Windows supports automatic updates.
The packet bytes view is faster.
You can now display a list of resolved host names in "hosts" format within Wireshark.
The wireless toolbar has been updated.
Wireshark on Linux does a better job of detecting interface addition and removal.
It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
USB type and product name support has been improved.
All Bluetooth profiles and protocols are now supported.
Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
Capinfos now prints human-readable statistics with SI suffixes by default.
It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
Wireshark can be compiled using GTK+ 3.
The Wireshark application icon, capture toolbar icons, and other icons have been updated.
Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.
The LOAD() metric in the IO-graph now shows the load in IO units instead of thousands of IO units.
2013-07-04 21:33:14 +00:00
tron
ff9f98cd07 Update "wireshark" package to version 1.8.8. Changes since 1.8.7:
- Bug Fixes
  The following vulnerabilities have been fixed.
    o wnpa-sec-2013-32
      The CAPWAP dissector could crash. Discovered by Laurent Butti.
      (Bug 8725)
      Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
    o wnpa-sec-2013-33
      The GMR-1 BCCH dissector could crash. Discovered by Sylvain
      Munaut and Laurent Butti. (Bug 7664, Bug 8726)
      Versions affected: 1.8.0 to 1.8.7.
    o wnpa-sec-2013-34
      The PPP dissector could crash. Discovered by Laurent Butti.
      (Bug 7880, Bug 8727)
      Versions affected: 1.8.0 to 1.8.7.
    o wnpa-sec-2013-35
      The NBAP dissector could crash. (Bug 8697)
      Versions affected: 1.8.0 to 1.8.7.
    o wnpa-sec-2013-36
      The RDP dissector could crash. Discovered by Laurent Butti
      (Bug 8729)
      Versions affected: 1.8.0 to 1.8.7.
    o wnpa-sec-2013-37
      The GSM CBCH dissector could crash. Discovered by Laurent
      Butti (Bug 8730)
      Versions affected: 1.8.0 to 1.8.7.
    o wnpa-sec-2013-38
      The Assa Abloy R3 dissector could consume excessive memory and
      CPU. (Bug 8764)
      Versions affected: 1.8.0 to 1.8.7.
    o wnpa-sec-2013-39
      The HTTP dissector could overrun the stack. (Bug 8733)
      Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
    o wnpa-sec-2013-40
      The Ixia IxVeriWave file parser could overflow the heap.
      Discovered by Sachin Shinde. (Bug 8760)
      Versions affected: 1.8.0 to 1.8.7.
    o wnpa-sec-2013-41
      The DCP ETSI dissector could crash. (Bug 8717)
      Versions affected: 1.10.0, 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
  The following bugs have been fixed:
    o TRY_TO_FAKE_THIS_ITEM disables bounds errors. (Bug 3290)
    o Multiple expert info in a packet does not cause the most
      "severe" to be displayed in expert column. (Bug 7733)
    o tshark -z io,stat reports bad byte counts if filter doesn't
      match anything. (Bug 8066)
    o Add decryption for WPA eapol 4-way handshake. (Bug 8680)
    o wireshark is crashing while attempting to use 'SCTP' ->
      'Prepare Filter for this Association'. (Bug 8731)
    o Crash analyzing VoIP Calls (T38). (Bug 8736)
    o IMAP Dissector, Missing byte. (Bug 8739)
    o C12.22 Invocation Id shows negative sometimes. (Bug 8744)
    o gsm_a_dtap dissector (SMS): under certain conditions fillbits
      may be displayed for an alphanumeric TP-Originating-Address.
      (Bug 8756)
    o TETRA dissector assertion. (Bug 8768)
    o Mark retransmitted SYN and FIN packets as retransmissions.
- Updated Protocol Support
  Bittorrent DHT, C12.22, CAPWAP, DCP ETSI, EAPOL, GMR-1 BCCH, GSM
  CBCH, GSM SMS, HTTP, IMAP, NBAP, PPP, R3, RDP, SGsAP, T.38, TETRA
- New and Updated Capture File Support
  Ixia IxVeriWave.
2013-06-11 22:57:58 +00:00
wiz
9a99786666 Remove characters that perl-5.18's pod2man doesn't like
(the AUTHORS file is included verbatim in the docs).
2013-06-01 07:46:43 +00:00
tron
5c745c2fda Update "wireshark" package to version 1.8.7. Changes since 1.8.6:
- Bug Fixes
  The following vulnerabilities have been fixed.
  o wnpa-sec-2013-23
    The RELOAD dissector could go into an infinite loop.
    Discovered by Evan Jensen. (Bug 8364, Bug 8546)
    Versions affected: 1.8.0 to 1.8.6.
    CVE-2013-2486
    CVE-2013-2487
  o wnpa-sec-2013-24
    The GTPv2 dissector could crash. (Bug 8493)
    Versions affected: 1.8.0 to 1.8.6.
  o wnpa-sec-2013-25
    The ASN.1 BER dissector could crash. (Bug 8599)
    Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
  o wnpa-sec-2013-26
    The PPP CCP dissector could crash. (Bug 8638)
    Versions affected: 1.8.0 to 1.8.6.
  o wnpa-sec-2013-27
    The DCP ETSI dissector could crash. Discovered by Evan Jensen.
    (Bug 8231, bug 8540, bug 8541)
    Versions affected: 1.8.0 to 1.8.6.
  o wnpa-sec-2013-28
    The MPEG DSM-CC dissector could crash. (Bug 8481)
    Versions affected: 1.8.0 to 1.8.6.
  o wnpa-sec-2013-29
    The Websocket dissector could crash. Discovered by Moshe
    Kaplan. (Bug 8448, Bug 8499)
    Versions affected: 1.8.0 to 1.8.6.
  o wnpa-sec-2013-30
    The MySQL dissector could go into an infinite loop. Discovered
    by Moshe Kaplan. (Bug 8458)
    Versions affected: 1.8.0 to 1.8.6.
  o wnpa-sec-2013-31
    The ETCH dissector could go into a large loop. Discovered by
    Moshe Kaplan. (Bug 8464)
    Versions affected: 1.8.0 to 1.8.6.
  The following bugs have been fixed:
  o The Windows installer and uninstaller does a better job of
    detecting running executables.
  o Library mismatch when compiling on a system with an older
    Wireshark version. (Bug 6011)
  o SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
  o A console window is never opened. (Bug 7755)
  o GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
  o Fix include and libs search path when cross compiling. (Bug
    7926)
  o PER dissector crash. (Bug 8197)
  o pcap-ng: name resolution block is not written to file on save.
    (Bug 8317)
  o Incorrect RTP statistics (Lost Packets indication not ok).
    (Bug 8321)
  o Decoding of GSM MAP E164 Digits. (Bug 8450)
  o Silent installer and uninstaller not silent. (Bug 8451)
  o Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to
    placate recent autotools. (Bug 8452)
  o Wifi details are not stored in the Decryption Key Management
    dialog (post 1.8.x). (Bug 8446)
  o IO Graph should not be limited to 100k points (NUM_IO_ITEMS).
    (Bug 8460)
  o geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit
    field truncated to 23 bits. (Bug 8532)
  o IRC message with multiple params causes malformed packet
    exception. (Bug 8548)
  o Part of Ping Reply Message in ICMPv6 Reply Message is marked
    as "Malformed Packet". (Bug 8554)
  o MP2T wiretap heuristic overriding ERF. (Bug 8556)
  o Cannot read content of Ran Information Application Error Rim
    Container. (Bug 8559)
  o Endian error and IP:Port error when decoding BT-DHT response
    message. (Bug 8572)
  o "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be
    "ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
  o wireshark crashes while displaying I/O Graph. (Bug 8583)
  o GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded)
    incorrectly. (Bug 8596)
  o DTLS 1.2 uses wrong PRF. (Bug 8608)
  o RTP DTMF digits are no longer displayed in VoIP graph
    analysis. (Bug 8610)
  o Universal port not accepted in RSA Keys List window. (Bug
    8618)
  o Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
  o LISP control packet incorrectly identified as LISP data based
    when UDP source port is 4341. (Bug 8627)
  o Bad tcp checksum not detected. (Bug 8629)
  o AMR Frame Type uses wrong Value String. (Bug 8681)
- Updated Protocol Support
  AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson
  A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave,
  IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP,
  SIP, SSL/TLS, TCP, UA3G
- New and Updated Capture File Support
  Endace ERF, NetScreen snoop.
2013-05-19 15:47:29 +00:00
tron
03d5c1670e Update "wireshark" package to version 1.8.6. Changes since 1.8.5:
- Bug Fixes
   The following vulnerabilities have been fixed.
     o wnpa-sec-2013-10
       The TCP dissector could crash. (Bug 8274)
       Versions affected: 1.8.0 to 1.8.5.
       CVE-2013-2475
     o wnpa-sec-2013-11
       The HART/IP dissector could go into an infinite loop. (Bug
       8360)
       Versions affected: 1.8.0 to 1.8.5.
       CVE-2013-2476
     o wnpa-sec-2013-12
       The CSN.1 dissector could crash. Discovered by Laurent Butti.
       (Bug 8383)
       Versions affected: 1.8.0 to 1.8.5.
       CVE-2013-2477
     o wnpa-sec-2013-13
       The MS-MMS dissector could crash. Discovered by Laurent Butti.
       (Bug 8382)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2478
     o wnpa-sec-2013-14
       The MPLS Echo dissector could go into an infinite loop.
       Discovered by Laurent Butti. (Bug 8039)
       Versions affected: 1.8.0 to 1.8.5.
       CVE-2013-2479
     o wnpa-sec-2013-15
       The RTPS and RTPS2 dissectors could crash. Discovered by
       Alyssa Milburn. (Bug 8332)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2480
     o wnpa-sec-2013-16
       The Mount dissector could crash. Discovered by Alyssa Milburn.
       (Bug 8335)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2481
     o wnpa-sec-2013-17
       The AMQP dissector could go into an infinite loop. Discovered
       by Moshe Kaplan. (Bug 8337)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2482
     o wnpa-sec-2013-18
       The ACN dissector could attempt to divide by zero. Discovered
       by Alyssa Milburn. (Bug 8340)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2483
     o wnpa-sec-2013-19
       The CIMD dissector could crash. Discovered by Moshe Kaplan.
       (Bug 8346)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2484
     o wnpa-sec-2013-20
       The FCSP dissector could go into an infinite loop. Discovered
       by Moshe Kaplan. (Bug 8359)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2485
     o wnpa-sec-2013-21
       The RELOAD dissector could go into an infinite loop.
       Discovered by Evan Jensen. (Bug 8364)
       Versions affected: 1.8.0 to 1.8.5.
       CVE-2013-2486
       CVE-2013-2487
     o wnpa-sec-2013-22
       The DTLS dissector could crash. Discovered by Laurent Butti.
       (Bug 8380)
       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
       CVE-2013-2488
   The following bugs have been fixed:
     o Lua pinfo.cols.protocol not holding value in postdissector.
       (Bug 6020)
     o data combined via ssl_desegment_app_data not visible via
       "Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)
     o HTTP application/json-rpc should be decoded/shown as
       application/json. (Bug 7939)
     o Maximum value of 802.11-2012 Duration field should be 32767.
       (Bug 8056)
     o Voice RTP player crash if player is closed while playing. (Bug
       8065)
     o Display Filter Macros crash. (Bug 8073)
     o RRC RadioBearerSetup message decoding issue. (Bug 8290)
     o R-click filters add ! in front of field when choosing "apply
       as filter>selected". (Bug 8297)
     o BACnet - Loop Object - Setpoint-Reference property does not
       decode correctly. (Bug 8306)
     o WMM TSPEC Element Parsing is not done is wrong due to a wrong
       switch case number. (Bug 8320)
     o Incorrect RTP statistics (Lost Packets indication not ok).
       (Bug 8321)
     o Registering ieee802154 dissector for IEEE802.15.4 frames
       inside Linux SLL frames. (Bug 8325)
     o Version Field is skipped while parsing WMM_TSPEC causing wrong
       dissecting (1 byte offset missing) of all fields in the TSPEC.
       (Bug 8330)
     o [BACnet] UCS-2 strings longer than 127 characters do not
       decode correctly. (Bug 8331)
     o Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug
       8345)
     o Decoding of GSM MAP SMS Diagnostics. (Bug 8378)
     o Incorrect packet length displayed for Flight Message Transfer
       Protocol (FMTP). (Bug 8407)
     o Netflow dissector flowDurationMicroseconds nanosecond
       conversion wrong. (Bug 8410)
     o BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)
- Updated Protocol Support
  ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS,
  FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE
  802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow,
  RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP
2013-03-07 12:44:11 +00:00
tron
68f7658855 Update "wireshark" package to version 1.8.5. Changes since 1.8.4:
- Bug Fixes
  The following vulnerabilities have been fixed.
    o wnpa-sec-2013-01
      Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI,
      DOCSIS CM-STATUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS,
      SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs
      8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-02
      The CLNP dissector could crash. Discovered independently by
      Laurent Butti and the Wireshark development team. (Bug 7871)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-03
      The DTN dissector could crash. (Bug 7945)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-04
      The MS-MMC dissector (and possibly others) could crash. (Bug
      8112)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-05
      The DTLS dissector could crash. Discovered by Laurent Butti.
      (Bug 8111)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-06
      The ROHC dissector could crash. (Bug 7679)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-07
      The DCP-ETSI dissector could corrupt memory. Discovered by
      Laurent Butti. (Bug 8213)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-08
      The Wireshark dissection engine could crash. Discovered by
      Laurent Butti. (Bug 8197)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
    o wnpa-sec-2013-09
      The NTLMSSP dissector could overflow a buffer. Discovered by
      Ulf Härnhammar. (Bug X)
      Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
      GENERIC-MAP-NOMATCH
- The following bugs have been fixed:
    o SNMPv3 Engine ID registration. (Bug 2426)
    o Wrong decoding of gtp.target identification. (Bug 3974)
    o Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
    o Wireshark crashes when starting due to out-of-date plugin left
      behind from earlier installation. (Bug 7401)
    o Failed to dissect TLS handshake packets. (Bug 7435)
    o ISUP dissector problem with empty Generic Number. (Bug 7632)
    o Illegal character is used in temporary capture file name. (Bug
      7877)
    o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
    o Timestamp info is not saved correctly when writing DOS Sniffer
      files. (Bug 7998)
    o 1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
    o Core dumped when the file is closed. (Bug 8022)
    o LPP is misspelled in APDU parameter in
      e-CIDMeasurementInitiation request for LPPA message. (Bug
      8023)
    o Wrong packet bytes are selected for ISUP CUG binary code. (Bug
      8035)
    o Decodes FCoE Group Multicast MAC address as Broadcom MAC
      address. (Bug 8046)
    o The SSL dissector stops decrypting the SSL conversation with
      Malformed Packet:SSL error messages. (Bug 8075)
    o Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
    o Some Information Elements in GTPv2 are not dissected
      correctly. (Bug 8079)
    o Wrong bytes highlighted with "Find Packet...". (Bug 8085)
    o 3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
    o Wireshark does not show "Start and End Time" information for
      Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
    o GPRS Tunnel Protocol GTP Version 1 does not decode DAF flag
      in Common Flags IE. (Bug 8193)
    o Wrong parsing of ULI of gtpv2 messages - errors in SAC, RAC &
      ECI. (Bug 8208)
    o Version Number in EtherIP dissector. (Bug 8211)
    o Warn Dissector bug, protocol JXTA. (Bug 8212)
    o Electromagnetic Emission Parser parses field Event Id as
      Entity Id. (Bug 8227)
- Updated Protocol Support
  ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1,
  DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP,
  Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow,
  IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS,
  NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
- New and Updated Capture File Support
  DOS Sniffer
2013-01-31 10:40:37 +00:00
tron
7191bbd4de Update "wireshark" package to version 1.8.4. Changes since version 1.8.3:
- The following vulnerabilities have been fixed.
  o wnpa-sec-2012-30
    Wireshark could leak potentially sensitive host name
    resolution information when working with multiple pcap-ng
    files. Discovered by Laura Chappell.
    Versions affected: 1.8.0 to 1.8.3.
  o wnpa-sec-2012-31
    The USB dissector could go into an infinite loop. (Bug 7787)
    Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  o wnpa-sec-2012-32
    The sFlow dissector could go into an infinite loop. (Bug 7789)
    Versions affected: 1.8.0 to 1.8.3.
  o wnpa-sec-2012-33
    The SCTP dissector could go into an infinite loop. (Bug 7802)
    Versions affected: 1.8.0 to 1.8.3.
  o wnpa-sec-2012-34
    The EIGRP dissector could go into an infinite loop. (Bug 7800)
    Versions affected: 1.8.0 to 1.8.3.
  o wnpa-sec-2012-35
    The ISAKMP dissector could crash. (Bug 7855)
    Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  o wnpa-sec-2012-36
    The iSCSI dissector could go into an infinite loop. (Bug 7858)
    Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  o wnpa-sec-2012-37
    The WTP dissector could go into an infinite loop. (Bug 7869)
    Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  o wnpa-sec-2012-38
    The RTCP dissector could go into an infinite loop. (Bug 7879)
    Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  o wnpa-sec-2012-39
    The 3GPP2 A11 dissector could go into an infinite loop. (Bug
    7801)
    Versions affected: 1.8.0 to 1.8.3.
  o wnpa-sec-2012-40
    The ICMPv6 dissector could go into an infinite loop. (Bug
    7844)
    Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- The following bugs have been fixed:
  o Menu and Title bars inaccessible using GTK2 (non-legacy) with
    two monitors. (Bug 553)
  o 802.11 Probe Response fails to parse. (Bug 1284)
  o Tshark - decimal symbol. (Bug 2880)
  o Malformed tpncp.dat file can crash Wireshark. (Bug 6665)
  o SSL decryption not work even with example capture file and
    key. (Bug 6869)
  o Info line is incorrect on SIP message containing another SIP
    message in body. (Bug 7780)
  o OOPS: dissector table "sctp.ppi" doesn't exist Protocol being
    registered is "Datagram Transport Layer Security". (Bug 7784)
  o Dissection of IEEE 802.11 Channel Switch Announcement element
    fails. (Bug 7797)
  o Invalid memory accesses when loading RADIUS captures. (Bug
    7803)
  o ISUP CIC should have format BASE_DEC, not BASE_HEX. (Bug 7848)
  o We don't handle pcap-ng files with IDBs that come after packet
    blocks. (Bug 7851)
  o '*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA
    dialog does not work. (Bug 7866)
  o nas_eps dissector does not decode some esm message. (Bug 7912)
  o WLAN decryption status not updated after updating WEP/WPA
    keys. (Bug 7921)
  o IPv6 Option Pad1 Incorrect dissection. (Bug 7938)
  o Print GNUTLS error message if PEM import fails. (Bug 7948)
  o GSM classmark3 8-PSK decode error. (Bug 7964)
  o Parsing the Server Name Indication extension in SSL/TLS
    traffic reads some fields incorrectly. (Bug 7967)
  o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
  o 2 bugs in Ran-Information-Error Rim Container. (Bug 8000)
  o Misspelling (typo) in IPv6 display filter field name. (Bug
    8006)
  o Two BSSGP dissector bugs. (Bug 8008)
  o Core dump during SCTP association analysis. (Bug 8011)
- Updated Protocol Support
  3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE
  802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism,
  RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB
- New and Updated Capture File Support
  CommView NCF, iSeries, pcap-ng.
2012-12-02 09:52:11 +00:00
tron
0cfb4fed08 Update "wireshark" package to version 1.8.3. Changes since 1.8.2:
- Bug Fixes
  The following vulnerabilities have been fixed.
    o wnpa-sec-2012-26
      The HSRP dissector could go into an infinite loop. (Bug 7581)
      Versions affected: 1.8.0 to 1.8.2.
      CVE-2012-5237
    o wnpa-sec-2012-27
      The PPP dissector could abort. (Bug 7316, bug 7668)
      Versions affected: 1.8.0 to 1.8.2.
      CVE-2012-5238
    o wnpa-sec-2012-28
      Martin Wilck discovered an infinite loop in the DRDA
      dissector. (Bug 7666)
      Versions affected: 1.6.0 to 1.6.10, 1.8.0 to 1.8.2.
      CVE-2012-5239
    o wnpa-sec-2012-29
      Laurent Butti discovered a buffer overflow in the LDP
      dissector. (Bug 7567)
      Versions affected: 1.8.0 to 1.8.2.
      CVE-2012-5240
  The following bugs have been fixed:
    o The HTTP dissector does not reassemble headers when the first
      TCP segment does not contain a full header line.
    o HDCP2 uses the wrong protocol id.
    o Several I/O graph problems have been fixed.
    o No markers show up when maps are displayed. (Bug 5016)
    o Assertion when using tshark/wireshark on large captures. (Bug
      5699)
    o Volume label field of "SMB/TRANS2-QUERY_FS_INFO/InfoVolume
      level" reply packet is not displayed correctly due alignment
      issue. (Bug 5778)
    o 64-bit Wireshark appears to hit 2-Gbyte memory limit on 64-bit
      Windows. (Bug 5979)
    o Truncated/partial JPEG files are not dissected. (Bug 6230)
    o Support for MPLS Packet Loss and Delay Measurement, RFC 6374.
      (Bug 6881)
    o Memory leak in voip_calls.c. (Bug 7320)
    o When listing protocols available for "Decode As", plugins are
      sorted after built-ins. (Bug 7348)
    o Hidden columns should not be printed when printing packet
      summary line. (Bug 7356)
    o Size wrong in "File Set List" for just-finished captures. (Bug
      7370)
    o Error: no dependency information found for
      debian/wireshark-common/usr/lib/wireshark/libwsutil.so.2 (used
      by debian/wireshark/usr/bin/wireshark). (Bug 7408)
    o Parse and properly display LTE RADIUS AVP
      3GPP-User-Location-Info. (Bug 7474)
    o [PATCH] HomeplugAV dissector: decode device id. (Bug 7548)
    o BACnet GetEnrollmentSummary-ACK does not decode correctly.
      (Bug 7556)
    o epan/dissectors/packet-per.c
      dissect_per_constrained_integer_64b fails for 64 bits. (Bug
      7624)
    o New SCTP PPID 48. (Bug 7635)
    o dissector of Qos attribute "Reliability Class" in GMM/SM
      message. (Bug 7670)
    o Performance regression in tshark -z io,stat. (Bug 7674)
    o Incorrect io-stat table format when unsupported "-t" operand
      is specified and when using AVG of relative_time fields. (Bug
      7685)
    o IEEE 802.11 TKIP dissection : wrong IS_TKIP macro. (Bug 7691)
    o Homeplug AV dissectors does not properly dissect short frames.
      (Bug 7707)
    o mm_context_nas_dl_cnt and mm_context_nas_ul_cnt are not
      dissected properly in ContextResponse message in Gtpv2. (Bug
      7718)
    o This trace causes Wireshark to crash when VoIP Calls selected.
      (Bug 7724)
    o Some diameter Gx enumerations are missing values or value is
      incorrect. (Bug 7727)
    o Wireshark 1.8.2 is only displaying 2 filters from the
      drop-down menu even when preferences are set to higher
      integer. (Bug 7731)
    o BGP bad decoding for Graceful Restart Capability with only
      helper support & for Enhanced Route Refresh Capability. (Bug
      7734)
    o Dissection error of D-RELEASE and D-CONNECT in TETRA
      dissector. (Bug 7736)
    o DND can cause Wireshark to crash. (Bug 7744)
    o SCSI: WRITE BUFFER fields always display as zero. (Bug 7753)
- Updated Protocol Support
  ASN.1 PER, BACnet, BGP, DIAMETER, DRDA, DVB CI, DVB, GSM
  Management, GTP, GTPv2, HDCP2, HomePlug AV, ICMP, ICMPv6, IEEE
  802.11, IEEE 802a, Interlink, JPEG, LDP, LPP, MPEG, MPLS, PCAP,
  PPP, RANAP, RRC, RRLP, SCCP, SCSI, SCTP, SDP, SMB, TETRA
2012-10-04 20:15:48 +00:00
tron
d688a59a32 Add fix for the remote DoS vulnerability reported in CVE-2012-3548 taken
from the Wireshark SVN repository.
2012-09-04 23:08:38 +00:00
christos
467f1ef1ab upgrade to 1.8.2
2012-08-20 08:34:43 +00:00
drochner
1ce5b225cd update to 1.6.10
changes:
-security fixes for dissectors: DCP ETSI, XTP, AFP, RTPS2, GSM RLC MAC,
 CIP, STUN, EtherCAT Mailbox, CTDB
 (CVE-2012-4285, CVE-2012-4288, CVE-2012-4289..4293, CVE-2012-4296,
  CVE-2012-4297)
-minor fixes

pkgsrc change: fix build with gnutls3

approved by the maintainer
2012-08-16 14:52:27 +00:00
drochner
9d64f88cf1 update to 1.6.9
changes:
-security fixes:
 -The PPP dissector could crash (CVE-2012-4048)
 -The NFS dissector could use excessive amounts of CPU (CVE-2012-4049)
-more bugfixes, see
 http://www.wireshark.org/lists/wireshark-announce/201207/msg00002.html
 for details

approved by The Maintainer
2012-07-24 17:24:54 +00:00
tron
23d571b73f Update "wireshark" package to version 1.6.8. Changes since 1.6.7:
- The following vulnerabilities have been fixed:
  o wnpa-sec-2012-08
    Infinite and large loops in the ANSI MAP, ASF, BACapp,
    Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors
    have been fixed. Discovered by Laurent Butti. (Bugs 6805,
    7118, 7119, 7120, 7121, 7122, 7124, 7125)
    Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
  o wnpa-sec-2012-09
    The DIAMETER dissector could try to allocate memory improperly
    and crash. (Bug 7138)
    Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
  o wnpa-sec-2012-10
    Wireshark could crash on SPARC processors due to misaligned
    memory. Discovered by Klaus Heckelmann. (Bug 7221)
    Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
- The following bugs have been fixed:
  o User-Password - PAP decoding passwords longer than 16 bytes.
    (Bug 6779)
  o The MSISDN is not seen correctly in GTP packet. (Bug 7042)
  o Wireshark doesn't calculate the right IPv4 destination using
    source routing options when bad options precede them. (Bug
    7043)
  o BOOTP dissector issue with DHCP option 82 - suboption 9. (Bug
    7047)
  o MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MPLS CW
    packets. (Bug 7089)
  o ANSI MAP infinite loop. (Bug 7119)
  o HCIEVT infinite loop. (Bug 7122)
  o Wireshark doesn't decode NFSv4.1 operations. (Bug 7127)
  o LTP infinite loop. (Bug 7124)
  o Wrong values in DNS CERT RR. (Bug 7130)
  o Megaco parser problem with LF in header. (Bug 7198)
  o OPC UA bytestring node id decoding is wrong. (Bug 7226)
- Updated Protocol Support
  ANSI MAP, ASF, BACapp, Bluetooth HCI, DHCP, DIAMETER, DNS, GTP,
  IEEE 802.11, IEEE 802.3, IPv4, LTP, Megaco, MPLS, NFS, OPC UA,
  RADIUS
- New and Updated Capture File Support
  5View, CSIDS, pcap, pcap-ng
2012-05-22 22:42:17 +00:00