Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Security Advisories

The following Wireshark releases fix serious security vulnerabilities. If you are running a vulnerable version of Wireshark you should consider upgrading.

wnpa-sec-2012-10: Memory alignment flaw
wnpa-sec-2012-09: DIAMETER memory allocation flaw
wnpa-sec-2012-08: Infinite and large loops in many dissectors
wnpa-sec-2012-07: MP2T memory allocation flaw
wnpa-sec-2012-06: Pcap and pcap-ng file format crash
wnpa-sec-2012-05: 802.11 infinite loop
wnpa-sec-2012-04: ANSI A dissector crash
wnpa-sec-2012-03: RLC dissector buffer overflow
wnpa-sec-2012-02: NULL pointer vulnerabilities
wnpa-sec-2012-01: Multiple file parser vulnerabilities
wnpa-sec-2011-19: ERF file parser vulnerability
wnpa-sec-2011-18: Infiniband dissector vulnerability
wnpa-sec-2011-17: CSN.1 dissector vulnerability
wnpa-sec-2011-16: CSN.1 dissector vulnerability
wnpa-sec-2011-15: Lua script execution vulnerability
wnpa-sec-2011-14: Buffer exception handling vulnerability
wnpa-sec-2011-13: IKE dissector vulnerability
wnpa-sec-2011-12: OpenSafety dissector vulnerability
Fixed in Wireshark 1.6.1: Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark® version 1.6.0 to 1.6.1
Fixed in Wireshark 1.4.8: Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark® version 1.4.0 to 1.4.7
Fixed in Wireshark 1.2.18: Lucent/Ascend file parser vulnerability in Wireshark® version 1.2.0 to 1.2.17
Fixed in Wireshark 1.4.7: Multiple vulnerabilities in Wireshark® version 1.4.0 to 1.4.6
Fixed in Wireshark 1.2.17: Multiple vulnerability in Wireshark® version 1.2.0 to 1.2.16
Fixed in Wireshark 1.4.5: DECT, NFS, and X.509if vulnerabilities in Wireshark® version 1.4.0 to 1.4.4
Fixed in Wireshark 1.2.16: X.509if vulnerability in Wireshark® version 1.2.0 to 1.2.14
Fixed in Wireshark 1.4.4: Multiple vulnerabilities in Wireshark® version 1.4.0 to 1.4.3
Fixed in Wireshark 1.2.15: Multiple vulnerabilities in Wireshark® version 1.2.0 to 1.2.14
Fixed in Wireshark 1.4.3: MAC-LTE, ENTTEC and ASN.1 BER vulnerabilities in Wireshark® version 1.4.0 to 1.4.2
Fixed in Wireshark 1.2.14: MAC-LTE and ENTTEC vulnerabilities in Wireshark® version 1.2.0 to 1.2.13
Fixed in Wireshark 1.4.2: LDSS and ZigBee ZCL vulnerabilities in Wireshark® version 1.4.0 to 1.4.1
Fixed in Wireshark 1.2.13: LDSS vulnerability in Wireshark® version 1.2.0 to 1.2.12
Fixed in Wireshark 1.4.1: ASN.1 BER vulnerability in Wireshark® version 1.4.0 to 1.4.1
Fixed in Wireshark 1.2.12: ASN.1 BER vulnerability in Wireshark® version 1.2.0 to 1.2.10
Fixed in Wireshark 1.2.11: DLL hijacking vulnerability in Wireshark® version 1.2.0 to 1.2.10
Fixed in Wireshark 1.0.16: DLL hijacking vulnerability in Wireshark® version 0.8.4 to 1.0.15
Fixed in Wireshark 1.2.10: Multiple vulnerabilities in Wireshark® version 1.2.0 to 1.2.9
Fixed in Wireshark 1.0.15: Multiple vulnerabilities in Wireshark® version 0.10.8 to 1.0.14
Fixed in Wireshark 1.2.9: Multiple vulnerabilities in Wireshark® version 1.2.0 to 1.2.8
Fixed in Wireshark 1.0.14: Multiple vulnerabilities in Wireshark® version 0.8.20 to 1.0.13
Fixed in Wireshark 1.2.8: DOCSIS vulnerability in Wireshark® versions 1.2.0 to 1.2.7
Fixed in Wireshark 1.0.13: DOCSIS vulnerability in Wireshark® versions 0.9.6 to 1.0.12
Fixed in Wireshark 1.2.6: LWRES vulnerability in Wireshark® versions 0.9.0 to 1.0.10, 1.2.0 to 1.2.5
Fixed in Wireshark 1.0.11: Multiple problems in Wireshark® versions 0.9.0 to 1.0.10, 1.2.0 to 1.2.5
Fixed in Wireshark 1.2.5: Multiple problems in Wireshark® versions 0.9.0 to 1.2.4
Fixed in Wireshark 1.0.10: Multiple problems in Wireshark® versions 0.10.10 to 1.0.9
Fixed in Wireshark 1.2.3: Multiple problems in Wireshark® versions 0.10.10 to 1.0.9, 1.2.0 to 1.2.2
Fixed in Wireshark 1.2.2: Multiple problems in Wireshark® versions 0.99.6 to 1.2.1
Fixed in Wireshark 1.2.1: Multiple problems in Wireshark® versions 0.9.2 to 1.2.0
Fixed in Wireshark 1.0.10: Multiple problems in Wireshark® versions 0.10.10 to 1.0.9, 1.2.0 to 1.2.2
Fixed in Wireshark 1.0.9: Multiple problems in Wireshark® versions 0.9.2 to 1.0.8
Fixed in Wireshark 1.0.8: Multiple problems in Wireshark® versions 0.8.20 to 1.0.7
Fixed in Wireshark 1.0.7: Multiple problems in Wireshark® versions 0.9.6 to 1.0.6
Fixed in Wireshark 1.0.6: Multiple problems in Wireshark® versions 0.99.6 to 1.0.5
Fixed in Wireshark 1.0.5: Multiple problems in Wireshark® versions 0.99.0 to 1.0.4
Fixed in Wireshark 1.0.4: Multiple problems in Wireshark® versions 0.10.3 to 1.0.3
Fixed in Wireshark 1.0.3: Multiple problems in Wireshark® versions 0.9.7 to 1.0.2
Fixed in Wireshark 1.0.2: Multiple problems in Wireshark® versions 0.8.19 to 1.0.1
Fixed in Wireshark 1.0.1: Multiple problems in Wireshark® versions 0.9.5 to 1.0.0
Fixed in Wireshark 1.0.0: Multiple problems in Wireshark® versions 0.99.2 to 0.99.8
Fixed in Wireshark 0.99.8: Multiple problems in Wireshark (formerly Ethereal®) versions 0.6.0 to 0.99.7
Fixed in Wireshark 0.99.7: Multiple problems in Wireshark (formerly Ethereal) versions 0.9.14 to 0.99.6
Fixed in Wireshark 0.99.6: Multiple problems in Wireshark (formerly Ethereal) versions 0.8.20 to 0.99.5
Fixed in Wireshark 0.99.5: Multiple problems in Wireshark (formerly Ethereal) versions 0.10.14 to 0.99.4
Fixed in Wireshark 0.99.4: Multiple problems in Wireshark (formerly Ethereal) versions 0.9.8 to 0.99.3
Fixed in Wireshark 0.99.3: Multiple vulnerabilities in Wireshark 0.99.2 and Ethereal 0.7.9 to 0.99.0
Fixed in Wireshark 0.99.2: Multiple vulnerabilities in Ethereal 0.8.14 to 0.99.0

Reporting Security Problems

If you've found a security problem with Wireshark we want to hear about it. You can let us know about security-related issues via the following channels:

Email: security[AT]wireshark.org. In cases where confidentiality is a concern, you can use our GPG key (id 0x21F2949A).
Web: Our bug tracking system. Bugs can be marked "private" if needed.
Telephone: Contact CACE Technologies at +1.530.758.2790.