Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed.
The DCP ETSI dissector could trigger a zero division. Reported by Laurent Butti. (Bug 7566)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The MongoDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7572)
Versions affected: 1.8.0 to 1.8.1.
The XTP dissector could go into an infinite loop. Reported by Ben Schmidt. (Bug 7571)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The ERF dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7563)
Versions affected: 1.8.0 to 1.8.1.
The AFP dissector could go into a large loop. Reported by Stefan Cornelius. (Bug 7603)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The RTPS2 dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7568)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The GSM RLC MAC dissector could overflow a buffer. Reported by Laurent Butti. (Bug 7561)
Versions affected: 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The CIP dissector could exhaust system memory. Reported by Ben Schmidt. (Bug 7570)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The STUN dissector could crash. Reported by Laurent Butti. (Bug 7569)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The EtherCAT Mailbox dissector could abort. Reported by Laurent Butti. (Bug 7562)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The CTDB dissector could go into a large loop. Reported by Ben Schmidt. (Bug 7573)
Versions affected: 1.4.0 to 1.4.14, 1.6.0 to 1.6.9, 1.8.0 to 1.8.1.
The pcap-ng file parser could trigger a zero division. (Bug 7533)
Versions affected: 1.8.0 to 1.8.1.
The Ixia IxVeriWave file parser could overflow a buffer. (Bug 7533)
Versions affected: 1.8.0 to 1.8.1.
The following bugs have been fixed:
Move Y.1711 out of MPLS dissector. (Bug 6787)
Patch: Add frame.interface_id support for ERF file format. (Bug 7266)
Freeze when Resizing or Moving while capturing. (Bug 7305)
Wireshark crashes when using multiple files. (Bug 7423)
Wireshark crashes on opening very short NFS pcap file. (Bug 7498)
Analyze->Apply as Filter and Analyze->Prepare a Filter cause crashes. (Bug 7506)
crashes in interface list, pipe handling. (Bug 7511)
ISDN LAPD X.31 packet traffic can not be decoded. (Bug 7514)
GIOP request_id used for sub dissectors is not assigned when decoding GIOP 1.2 Request message. (Bug 7516)
pcap-ng -ISB always writes 0 for isb_ifrecv option. (Bug 7523)
GSM classmark3 decode wrong. (Bug 7524)
mem corruption\heap corruption\div0 bugs. (Bug 7533)
DNS AD flag not shown properly. (Bug 7555)
Wireshark and TShark crash at start with invalid color filter on SPARC. (Bug 7634)
AFP, Apache JServ Protocol v1.3, Bluetooth L2CAP, CIP, CTDB, DCP ETSI, ERF, EtherCAT Mailbox, FC Link Control, GIOP, GSM A, GSM RLC MAC, GTP, GTPv2, ISDN, LISP, MongoDB, MPLS ITU-T Y.1711 OAM, MPLS PM, NFS, RTPS2, SCTP, STUN, XTP
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.