Security Advisories

The following Wireshark releases fix serious security vulnerabilities. If you are running a vulnerable version of Wireshark you should consider upgrading.

2017

wnpa-sec-2017-02. DHCPv6 large loop. Fixed in 2.2.4, 2.0.10.

wnpa-sec-2017-01. ASTERIX infinite loop. Fixed in 2.2.4, 2.0.10.

2016

wnpa-sec-2016-62. DTN infinite loop. Fixed in 2.2.2, 2.0.8.

wnpa-sec-2016-61. DCERPC crash. Fixed in 2.2.2, 2.0.8.

wnpa-sec-2016-60. OpenFlow crash. Fixed in 2.2.2, 2.0.8.

wnpa-sec-2016-59. AllJoyn crash. Fixed in 2.2.2, 2.0.8.

wnpa-sec-2016-58. Profinet I/O long loop. Fixed in 2.2.2.

wnpa-sec-2016-57. NCP dissector crash. Fixed in 2.2.1.

wnpa-sec-2016-56. Bluetooth L2CAP dissector crash. Fixed in 2.2.1.

wnpa-sec-2016-55. IPMI Trace dissector crash. Fixed in 2.0.6.

wnpa-sec-2016-54. Catapult DCT2000 dissector crash. Fixed in 2.0.6.

wnpa-sec-2016-53. UMTS FP dissector crash. Fixed in 2.0.6.

wnpa-sec-2016-52. Catapult DCT2000 dissector crash. Fixed in 2.0.6.

wnpa-sec-2016-51. H.225 dissector crash. Fixed in 2.0.6.

wnpa-sec-2016-50. QNX6 QNET dissector crash. Fixed in 2.0.6.

wnpa-sec-2016-49. WBXML crash. Fixed in 2.0.5.

wnpa-sec-2016-48. MMSE, WAP, WBXML, and WSP infinite loop.. Fixed in 2.0.5.

wnpa-sec-2016-47. OpenFlow long loop. Fixed in 2.0.5, 1.12.13.

wnpa-sec-2016-46. RLC dissector crash. Fixed in 2.0.5, 1.12.13.

wnpa-sec-2016-45. LDSS dissector crash. Fixed in 2.0.5, 1.12.13.

wnpa-sec-2016-44. RLC long loop. Fixed in 2.0.5, 1.12.13.

wnpa-sec-2016-43. MMSE infinite loop. Fixed in 1.12.13.

wnpa-sec-2016-42. WSP infinite loop. Fixed in 2.0.5, 1.12.13.

wnpa-sec-2016-41. PacketBB crash. Fixed in 2.0.5, 1.12.13.

wnpa-sec-2016-40. NDS dissector crash. Fixed in 1.12.13.

wnpa-sec-2016-39. CORBA IDL dissector crash on 64-bit Windows.. Fixed in 2.0.5.

wnpa-sec-2016-38. WBXML infinite loop. Fixed in 1.12.12.

wnpa-sec-2016-37. Ethernet dissector crash. Fixed in 2.0.4.

wnpa-sec-2016-36. NetScreen file parser crash. Fixed in 2.0.4, 1.12.12.

wnpa-sec-2016-35. CoSine file parser crash. Fixed in 2.0.4, 1.12.12.

wnpa-sec-2016-34. Toshiba file parser crash. Fixed in 2.0.4, 1.12.12.

wnpa-sec-2016-33. USB dissector crash. Fixed in 2.0.4, 1.12.12.

wnpa-sec-2016-32. UMTS FP crash. Fixed in 2.0.4, 1.12.12.

wnpa-sec-2016-31. Name. Fixed in 2.0.4.

wnpa-sec-2016-30. IEEE 802.11 dissector crash. Fixed in 2.0.4, 1.12.12.

wnpa-sec-2016-29. SPOOLS infinite loop. Fixed in 2.0.4, 1.12.12.

wnpa-sec-2016-28. NCP dissector crash. Fixed in 1.12.11.

wnpa-sec-2016-27. MS-WSP dissector crash. Fixed in 2.0.3.

wnpa-sec-2016-26. GSM CBCH dissector crash. Fixed in 2.0.3, 1.12.11.

wnpa-sec-2016-25. Wireshark and TShark crash. Fixed in 2.0.3, 1.12.11.

wnpa-sec-2016-24. IAX2 infinite loop. Fixed in 2.0.3, 1.12.11.

wnpa-sec-2016-23. PKTC dissector crash. Fixed in 2.0.3, 1.12.11.

wnpa-sec-2016-22. PKTC dissector crash. Fixed in 2.0.3, 1.12.11.

wnpa-sec-2016-21. IEEE 802.11 dissector crash. Fixed in 2.0.3.

wnpa-sec-2016-20. TShark reassembly crash. Fixed in 2.0.3.

wnpa-sec-2016-19. NCP dissector crash. Fixed in 2.0.3.

wnpa-sec-2016-18. ASN.1 BER dissector crash.. Fixed in 2.0.2, 1.12.10.

wnpa-sec-2016-17. NFS dissector crash. Fixed in 2.0.2.

wnpa-sec-2016-16. SPICE dissector large loop. Fixed in 2.0.2.

wnpa-sec-2016-15. ASN.1 BER dissector crash. Fixed in 2.0.2, 1.12.10.

wnpa-sec-2016-14. GSM A-bis OML dissector crash. Fixed in 2.0.2, 1.12.10.

wnpa-sec-2016-13. IEEE 802.11 dissector crash. Fixed in 2.0.2.

wnpa-sec-2016-12. Ixia IxVeriWave file parser crash. Fixed in 2.0.2.

wnpa-sec-2016-11. LLRP dissector crash. Fixed in 2.0.2, 1.12.10.

wnpa-sec-2016-10. RSL dissector crash. Fixed in 2.0.2, 1.12.10.

wnpa-sec-2016-09. iSeries file parser crash. Fixed in 2.0.2.

wnpa-sec-2016-08. LBMC dissector crash. Fixed in 2.0.2.

wnpa-sec-2016-07. 3GPP TS 32.423 Trace file parser crash. Fixed in 2.0.2.

wnpa-sec-2016-06. HiQnet dissector crash. Fixed in 2.0.2.

wnpa-sec-2016-05. HTTP/2 dissector crash. Fixed in 2.0.2.

wnpa-sec-2016-04. X.509AF crash. Fixed in 2.0.2.

wnpa-sec-2016-03. DNP3 dissector infinite loop. Fixed in 2.0.2, 1.12.10.

wnpa-sec-2016-02. ASN.1 BER dissector crash. Fixed in 2.0.2.

wnpa-sec-2016-01. DLL hijacking vulnerability in Wireshark. Fixed in 2.0.2, 1.12.10.

2015

wnpa-sec-2015-60. MS-WSP dissector crash. Fixed in 2.0.1.

wnpa-sec-2015-59. PPI dissector crash. Fixed in 2.0.1.

wnpa-sec-2015-58. TDS dissector crash. Fixed in 2.0.1.

wnpa-sec-2015-57. IPMI dissector crash. Fixed in 2.0.1.

wnpa-sec-2015-56. S7COMM dissector crash. Fixed in 2.0.1.

wnpa-sec-2015-55. MP2T file parser crash. Fixed in 2.0.1.

wnpa-sec-2015-54. MP2T file parser crash. Fixed in 2.0.1.

wnpa-sec-2015-53. BT ATT dissector crash. Fixed in 2.0.1.

wnpa-sec-2015-52. NWP dissector crash. Fixed in 2.0.1.

wnpa-sec-2015-51. Sniffer file parser crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-50. ZigBee ZCL dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-49. RSL dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-48. NBAP dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-47. Ascend file parser crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-46. ANSI A & GSM A dissector crashes. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-45. RSVP dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-44. VeriWave file parser crashes. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-43. DIAMETER dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-42. 802.11 decryption crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-41. SCTP dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-40. Zlib decompression crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-39. BER dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-38. DNS dissector crash. Fixed in 1.12.9.

wnpa-sec-2015-37. NLM dissector crash. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-36. SDP dissector crash. Fixed in 1.12.9.

wnpa-sec-2015-35. T.38 dissector crash. Fixed in 1.12.9.

wnpa-sec-2015-34. AllJoyn dissector infinite loop. Fixed in 1.12.9.

wnpa-sec-2015-33. DCOM dissector crash. Fixed in 1.12.9.

wnpa-sec-2015-32. UMTS FP dissector crashes. Fixed in 1.12.9.

wnpa-sec-2015-31. NBAP dissector crashes. Fixed in 2.0.1, 1.12.9.

wnpa-sec-2015-30. Pcapng file parser crash. Fixed in 1.12.8.

wnpa-sec-2015-29. WCCP dissector crash. Fixed in 1.12.7.

wnpa-sec-2015-28. Ptvcursor crash. Fixed in 1.12.7.

wnpa-sec-2015-27. OpenFlow dissector infinite loop. Fixed in 1.12.7.

wnpa-sec-2015-26. WaveAgent dissector crash. Fixed in 1.12.7.

wnpa-sec-2015-25. GSM RLC/MAC dissector infinite loop. Fixed in 1.12.7.

wnpa-sec-2015-24. ZigBee dissector crash. Fixed in 1.12.7.

wnpa-sec-2015-23. Dissector table crash. Fixed in 1.12.7.

wnpa-sec-2015-22. Memory manager crash. Fixed in 1.12.7.

wnpa-sec-2015-21. Protocol tree crash. Fixed in 1.12.7.

wnpa-sec-2015-20. GSM DTAP dissector crash. Fixed in 1.12.6.

wnpa-sec-2015-19. WCCP dissector crash. Fixed in 1.12.6.

wnpa-sec-2015-18. Android Logcat file parser crash. Fixed in 1.12.5.

wnpa-sec-2015-17. IEEE 802.11 infinite loop. Fixed in 1.12.5, 1.10.14.

wnpa-sec-2015-16. Reassembly memory leak. Fixed in 1.12.5.

wnpa-sec-2015-15. X11 memory leak. Fixed in 1.12.5, 1.10.14.

wnpa-sec-2015-14. WCP dissector crash. Fixed in 1.12.5, 1.10.14.

wnpa-sec-2015-13. WebSocket DoS. Fixed in 1.12.5.

wnpa-sec-2015-12. LBMR infinite loop. Fixed in 1.12.5.

wnpa-sec-2015-11. SCSI OSD dissector infinite loop. Fixed in 1.12.4.

wnpa-sec-2015-10. TNEF dissector infinite loop. Fixed in 1.12.4, 1.10.13.

wnpa-sec-2015-09. LLDP dissector crash. Fixed in 1.12.4.

wnpa-sec-2015-08. Pcapng file parser crash. Fixed in 1.12.4, 1.10.13.

wnpa-sec-2015-07. WCP dissector crash. Fixed in 1.12.4, 1.10.13.

wnpa-sec-2015-06. ATN-CPDLC dissector crash. Fixed in 1.12.4.

wnpa-sec-2015-05. TLS/SSL decryption crash. Fixed in 1.12.3, 1.10.12.

wnpa-sec-2015-04. SMTP dissector crash. Fixed in 1.12.3, 1.10.12.

wnpa-sec-2015-03. DEC DNA Routing Protocol dissector crash. Fixed in 1.12.3, 1.10.12.

wnpa-sec-2015-02. LPP dissector crash. Fixed in 1.12.3, 1.10.12.

wnpa-sec-2015-01. WCCP dissector crash. Fixed in 1.12.3, 1.10.12.

2014

wnpa-sec-2014-23. TN5250 infinite loops. Fixed in 1.12.2, 1.10.11.

wnpa-sec-2014-22. NCP dissector crashes. Fixed in 1.12.2, 1.10.11.

wnpa-sec-2014-21. AMQP dissector crash. Fixed in 1.12.2, 1.10.11.

wnpa-sec-2014-20. SigComp UDVM buffer overflow. Fixed in 1.12.2, 1.10.11.

wnpa-sec-2014-19. Sniffer file parser crash. Fixed in 1.12.1, 1.10.10.

wnpa-sec-2014-18. SES dissector crash. Fixed in 1.12.1, 1.10.10.

wnpa-sec-2014-17. RTSP dissector crash. Fixed in 1.12.1, 1.10.10.

wnpa-sec-2014-16. HIP infinite loop. Fixed in 1.12.1.

wnpa-sec-2014-15. CUPS dissector crash. Fixed in 1.12.1.

wnpa-sec-2014-14. Netflow dissector crash. Fixed in 1.12.1, 1.10.10.

wnpa-sec-2014-13. MEGACO dissector infinite loop. Fixed in 1.12.1, 1.10.10.

wnpa-sec-2014-12. RTP dissector crash. Fixed in 1.10.10.

wnpa-sec-2014-11. ASN.1 BER dissector crash. Fixed in 1.10.9.

wnpa-sec-2014-10. RLC dissector crash. Fixed in 1.10.9.

wnpa-sec-2014-09. GTP and GSM Management dissector crash. Fixed in 1.10.9.

wnpa-sec-2014-08. Catapult DCT2000 and IrDA dissector crash. Fixed in 1.10.9.

wnpa-sec-2014-07. Frame metadissector crash. Fixed in 1.10.8.

wnpa-sec-2014-06. RTP dissector crash. Fixed in 1.10.7.

wnpa-sec-2014-05. Libpcap file parser crash. Fixed in 1.10.4.

wnpa-sec-2014-04. MPEG file parser buffer overflow. Fixed in 1.10.6, 1.8.13.

wnpa-sec-2014-03. RLC dissector crash. Fixed in 1.10.6, 1.8.13.

wnpa-sec-2014-02. M3UA dissector crash. Fixed in 1.10.6.

wnpa-sec-2014-01. NFS dissector crash. Fixed in 1.10.6, 1.8.13.

2013

wnpa-sec-2013-68. NTLMSSP v2 dissector crash. Fixed in 1.10.4, 1.8.12.

wnpa-sec-2013-67. BSSGP dissector crash. Fixed in 1.10.4.

wnpa-sec-2013-66. SIP dissector infinite loop. Fixed in 1.10.4, 1.8.12.

wnpa-sec-2013-65. TCP dissector crash. Fixed in 1.10.3, 1.8.11.

wnpa-sec-2013-64. ActiveMQ OpenWire dissector large loop. Fixed in 1.10.3, 1.8.11.

wnpa-sec-2013-63. SIP dissector crash. Fixed in 1.10.2, 1.8.10.

wnpa-sec-2013-62. NBAP dissector crash. Fixed in 1.10.3, 1.8.11.

wnpa-sec-2013-61. IEEE 802.15.4 dissector crash. Fixed in 1.10.3, 1.8.11.

wnpa-sec-2013-60. Netmon file parser crash. Fixed in 1.10.2, 1.8.10.

wnpa-sec-2013-59. LDAP dissector crash. Fixed in 1.10.2, 1.8.10.

wnpa-sec-2013-58. MQ dissector crash. Fixed in 1.10.2, 1.8.10.

wnpa-sec-2013-57. RTPS dissector buffer overflow. Fixed in 1.10.2, 1.8.10.

wnpa-sec-2013-56. ASSA R3 dissector infinite loop. Fixed in 1.10.2, 1.8.10.

wnpa-sec-2013-55. NBAP dissector crash. Fixed in 1.10.2, 1.8.10.

wnpa-sec-2013-54. Bluetooth HCI ACL dissector crash. Fixed in 1.10.2.

wnpa-sec-2013-53. PROFINET Real-Time dissector crash. Fixed in 1.10.1.

wnpa-sec-2013-52. ASN.1 PER dissector crash. Fixed in 1.10.1, 1.8.9.

wnpa-sec-2013-51. Netmon file parser crash. Fixed in 1.10.1, 1.8.9.

wnpa-sec-2013-50. GSM A Common dissector crash. Fixed in 1.10.1, 1.8.9.

wnpa-sec-2013-49. GSM RR dissector large loop. Fixed in 1.10.1, 1.8.9.

wnpa-sec-2013-48. DVB-CI dissector crash. Fixed in 1.10.1, 1.8.9.

wnpa-sec-2013-47. DIS dissector large loop. Fixed in 1.10.1, 1.8.9.

wnpa-sec-2013-46. Bluetooth OBEX dissector infinite loop. Fixed in 1.10.1.

wnpa-sec-2013-45. Bluetooth SDP dissector large loop. Fixed in 1.10.1, 1.8.9.

wnpa-sec-2013-44. DCOM ISystemActivator dissector crash. Fixed in 1.10.1.

wnpa-sec-2013-43. Radiotap dissector crash. Fixed in 1.10.1.

wnpa-sec-2013-42. P1 dissector crash. Fixed in 1.10.1.

wnpa-sec-2013-41. DCP ETSI dissector crash. Fixed in 1.10.1, 1.8.8, 1.6.16.

wnpa-sec-2013-40. Ixia IxVeriWave file parser crash. Fixed in 1.8.8.

wnpa-sec-2013-39. HTTP dissector crash. Fixed in 1.8.8, 1.6.16.

wnpa-sec-2013-38. Assa Abloy R3 dissector DOS. Fixed in 1.8.8.

wnpa-sec-2013-37. GSM CBCH dissector crash. Fixed in 1.8.8.

wnpa-sec-2013-36. RDP dissector crash. Fixed in 1.8.8.

wnpa-sec-2013-35. NBAP dissector crash. Fixed in 1.8.8.

wnpa-sec-2013-34. PPP dissector crash. Fixed in 1.8.8.

wnpa-sec-2013-33. GMR-1 BCCH dissector crash. Fixed in 1.8.8.

wnpa-sec-2013-32. CAPWAP dissector crash. Fixed in 1.8.8, 1.6.16.

wnpa-sec-2013-31. ETCH dissector large loop. Fixed in 1.8.7.

wnpa-sec-2013-30. MySQL dissector infinite loop. Fixed in 1.8.7.

wnpa-sec-2013-29. Websocket dissector crash. Fixed in 1.8.7.

wnpa-sec-2013-28. MPEG DSM-CC dissector crash. Fixed in 1.8.7.

wnpa-sec-2013-27. DCP ETSI dissector crash. Fixed in 1.8.7.

wnpa-sec-2013-26. PPP CCP dissector crash. Fixed in 1.8.7.

wnpa-sec-2013-25. ASN.1 BER dissector crash. Fixed in 1.8.7, 1.6.15.

wnpa-sec-2013-24. GTPv2 dissector crash. Fixed in 1.8.7.

wnpa-sec-2013-23. RELOAD dissector infinite loop. Fixed in 1.8.7.

wnpa-sec-2013-22. DTLS dissector crash. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-21. RELOAD dissector infinite loop. Fixed in 1.8.6.

wnpa-sec-2013-20. FCSP dissector infinite loop. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-19. CIMD dissector crash. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-18. ACN dissector divide by zero. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-17. AMPQ dissector infinite loop. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-16. Mount dissector crash. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-15. RTPS and RTPS2 dissector crash. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-14. MPLS Echo dissector infinite loop. Fixed in 1.8.6.

wnpa-sec-2013-13. MS-MMS dissector crash. Fixed in 1.8.6, 1.6.14.

wnpa-sec-2013-12. CSN.1 dissector crash. Fixed in 1.8.6.

wnpa-sec-2013-11. HART/IP dissector infinite loop. Fixed in 1.8.6.

wnpa-sec-2013-10. TCP dissector crash. Fixed in 1.8.6.

wnpa-sec-2013-09. NTLMSSP dissector overflow. Fixed in 1.8.5, 1.6.13.

wnpa-sec-2013-08. Wireshark dissection engine crash. Fixed in 1.8.5, 1.6.13.

wnpa-sec-2013-07. DCP-ETSI dissector crash. Fixed in 1.8.5, 1.6.13.

wnpa-sec-2013-06. ROHC dissector crash. Fixed in 1.8.5.

wnpa-sec-2013-05. DTLS dissector crash. Fixed in 1.8.5, 1.6.13.

wnpa-sec-2013-04. MS-MMC dissector crash. Fixed in 1.8.5, 1.6.13.

wnpa-sec-2013-03. DTN dissector crash. Fixed in 1.8.5, 1.6.13.

wnpa-sec-2013-02. CLNP dissector crash. Fixed in 1.8.5, 1.6.13.

wnpa-sec-2013-01. Infinite and large loops in several dissectors. Fixed in 1.8.5, 1.6.13.

2012

wnpa-sec-2012-40. Wireshark ICMPv6 dissector infinite loop. Fixed in 1.8.4, 1.6.12.

wnpa-sec-2012-39. Wireshark 3GPP2 A11 dissector infinite loop. Fixed in 1.8.4.

wnpa-sec-2012-38. Wireshark RTCP dissector inifinte loop. Fixed in 1.8.4, 1.6.12.

wnpa-sec-2012-37. Wireshark WTP dissector infinite loop. Fixed in 1.8.4, 1.6.12.

wnpa-sec-2012-36. Wireshark iSCSI dissector infinite loop. Fixed in 1.8.4, 1.6.12.

wnpa-sec-2012-35. Wireshark ISAKMP dissector crash. Fixed in 1.8.4, 1.6.12.

wnpa-sec-2012-34. Wireshark EIGRP dissector infinite loop. Fixed in 1.8.4.

wnpa-sec-2012-33. Wireshark SCTP dissector infinite loop. Fixed in 1.8.4.

wnpa-sec-2012-32. Wireshark sFlow dissector infinite loop. Fixed in 1.8.4.

wnpa-sec-2012-31. Wireshark USB dissector infinite loop. Fixed in 1.8.4, 1.6.12.

wnpa-sec-2012-30. Wireshark pcap-ng host name disclosure. Fixed in 1.8.4.

wnpa-sec-2012-29. Wireshark LDP dissector buffer overflow. Fixed in 1.8.3.

wnpa-sec-2012-28. Wireshark DRDA dissector infinite loop. Fixed in 1.8.3, 1.6.11.

wnpa-sec-2012-27. Wireshark PPP dissector crash. Fixed in 1.8.3.

wnpa-sec-2012-26. Wireshark HSRP dissector infinite loop. Fixed in 1.8.3.

wnpa-sec-2012-25. Wireshark Ixia IxVeriWave file parser buffer overflow. Fixed in 1.8.2.

wnpa-sec-2012-24. Wireshark pcap-ng file parser zero division. Fixed in 1.8.2.

wnpa-sec-2012-23. Wireshark CTDB dissector large loop. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-22. Wireshark EtherCAT Mailbox dissector abort. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-21. Wireshark STUN dissector crash. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-20. Wireshark CIP dissector memory exhaustion. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-19. Wireshark GSM RLC MAC dissector buffer overflow. Fixed in 1.8.2, 1.6.10.

wnpa-sec-2012-18. Wireshark RTPS2 dissector buffer overflow. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-17. Wireshark AFP dissector large loop. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-16. Wireshark ERF dissector flaws. Fixed in 1.8.2.

wnpa-sec-2012-15. Wireshark XTP dissector large loop. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-14. Wireshark MongoDB large loop. Fixed in 1.8.2.

wnpa-sec-2012-13. Wireshark DCP ETSI zero division. Fixed in 1.8.2, 1.6.10, 1.4.15.

wnpa-sec-2012-12. Large loop in the NFS dissector. Fixed in 1.8.1, 1.6.9, 1.4.14.

wnpa-sec-2012-11. PPP dissector crash. Fixed in 1.8.1, 1.6.9, 1.4.14.

wnpa-sec-2012-10. Wireshark memory alignment flaw. Fixed in 1.4.13, 1.6.8.

wnpa-sec-2012-09. Wireshark DIAMETER memory allocation flaw. Fixed in 1.4.13, 1.6.8.

wnpa-sec-2012-08. Infinite and large loops in many dissectors. Fixed in 1.4.13, 1.6.8.

wnpa-sec-2012-07. Wireshark MP2T memory allocation flaw. Fixed in 1.4.12, 1.6.6.

wnpa-sec-2012-06. Wireshark pcap and pcap-ng file format crash. Fixed in 1.4.12, 1.6.6.

wnpa-sec-2012-05. Wireshark 802.11 infinite loop. Fixed in 1.6.6.

wnpa-sec-2012-04. Wireshark ANSI A dissector crash. Fixed in 1.4.12, 1.6.6.

wnpa-sec-2012-03. Wireshark RLC dissector buffer overflow. Fixed in 1.4.11, 1.6.5.

wnpa-sec-2012-02. Wireshark NULL pointer vulnerabilities. Fixed in 1.4.11, 1.6.5.

wnpa-sec-2012-01. Multiple Wireshark file parser vulnerabilities. Fixed in 1.4.11, 1.6.5.

2011

wnpa-sec-2011-19. Wireshark ERF file parser vulnerability. Fixed in 1.6.3.

wnpa-sec-2011-18. Wireshark Infiniband dissector vulnerability. Fixed in 1.6.3.

wnpa-sec-2011-17. Wireshark CSN.1 dissector vulnerability. Fixed in 1.6.3.

wnpa-sec-2011-16. Wireshark CSN.1 dissector vulnerability. Fixed in 1.6.2.

wnpa-sec-2011-15. Wireshark Lua script execution vulnerability. Fixed in 1.6.2, 1.4.9.

wnpa-sec-2011-14. Wireshark buffer exception handling vulnerability. Fixed in 1.6.2.

wnpa-sec-2011-13. Wireshark IKE dissector vulnerability. Fixed in 1.6.2, 1.4.9.

wnpa-sec-2011-12. Wireshark OpenSafety dissector vulnerability. Fixed in 1.6.2.

wnpa-sec-2011-11. Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark. Fixed in 1.6.1.

wnpa-sec-2011-10. Lucent/Ascend file parser and ANSI MAP vulnerabilities in Wireshark. Fixed in 1.4.8.

wnpa-sec-2011-09. Lucent/Ascend file parser vulnerability in Wireshark. Fixed in 1.2.18.

wnpa-sec-2011-08. Multiple vulnerabilities in Wireshark. Fixed in 1.4.7.

wnpa-sec-2011-07. Multiple vulnerabilities in Wireshark. Fixed in 1.2.17.

wnpa-sec-2011-06. DECT, NFS, and X.509if vulnerabilities in Wireshark. Fixed in 1.4.5.

wnpa-sec-2011-05. X.509if vulnerability in Wireshark. Fixed in 1.2.16.

wnpa-sec-2011-04. MAC-LTE, ENTTEC, and ASN.1 BER vulnerabilities in Wireshark. Fixed in 1.4.4.

wnpa-sec-2011-03. Multiple vulnerabilities in Wireshark. Fixed in 1.2.15.

wnpa-sec-2011-02. MAC-LTE, ENTTEC, and ASN.1 BER vulnerabilities in Wireshark. Fixed in 1.4.3.

wnpa-sec-2011-01. MAC-LTE and ENTTEC vulnerabilities in Wireshark. Fixed in 1.2.14.

2010

wnpa-sec-2010-14. LDSS and ZigBee ZCL vulnerabilities in Wireshark. Fixed in 1.4.2.

wnpa-sec-2010-13. LDSS vulnerability in Wireshark. Fixed in 1.2.13.

wnpa-sec-2010-12. ASN.1 BER vulnerability in Wireshark. Fixed in 1.4.1.

wnpa-sec-2010-11. Vulnerabilities in Wireshark. Fixed in 1.2.12.

wnpa-sec-2010-10. DLL hijacking vulnerability in Wireshark. Fixed in 1.2.11.

wnpa-sec-2010-09. DLL hijacking vulnerability in Wireshark. Fixed in 1.0.16.

wnpa-sec-2010-08. Multiple vulnerabilities in Wireshark. Fixed in 1.2.10.

wnpa-sec-2010-07. Vulnerabilities in Wireshark. Fixed in 1.0.15.

wnpa-sec-2010-06. Multiple vulnerabilities in Wireshark. Fixed in 1.2.9.

wnpa-sec-2010-05. Multiple vulnerabilities in Wireshark. Fixed in 1.0.14.

wnpa-sec-2010-04. DOCSIS vulnerabilities in Wireshark. Fixed in 1.2.8.

wnpa-sec-2010-03. DOCSIS vulnerabilities in Wireshark. Fixed in 1.0.13.

wnpa-sec-2010-02. LWRES vulnerability in Wireshark. Fixed in 1.2.6.

wnpa-sec-2010-01. Multiple vulnerabilities in Wireshark. Fixed in 1.0.11.

2009

wnpa-sec-2009-09. Multiple vulnerabilities in Wireshark. Fixed in 1.2.5.

wnpa-sec-2009-08. Multiple vulnerabilities in Wireshark. Fixed in 1.0.10.

wnpa-sec-2009-07. Multiple vulnerabilities in Wireshark. Fixed in 1.2.3.

wnpa-sec-2009-06. Multiple vulnerabilities in Wireshark. Fixed in 1.2.2.

wnpa-sec-2009-05. Multiple vulnerabilities in Wireshark. Fixed in 1.0.9.

wnpa-sec-2009-04. Multiple vulnerabilities in Wireshark. Fixed in 1.2.1.

wnpa-sec-2009-03. PCNFSD vulnerability in Wireshark. Fixed in 1.0.8.

wnpa-sec-2009-02. Multiple problems in Wireshark. Fixed in 1.0.7.

wnpa-sec-2009-01. Multiple problems in Wireshark. Fixed in 1.0.6.

2008

wnpa-sec-2008-07. Multiple problems in Wireshark. Fixed in 1.0.5.

wnpa-sec-2008-06. Multiple problems in Wireshark. Fixed in 1.0.4.

wnpa-sec-2008-05. Multiple problems in Wireshark. Fixed in 1.0.3.

wnpa-sec-2008-04. Multiple problems in Wireshark. Fixed in 1.0.2.

wnpa-sec-2008-03. Multiple problems in Wireshark. Fixed in 1.0.1.

wnpa-sec-2008-02. Multiple problems in Wireshark. Fixed in 1.0.0.

wnpa-sec-2008-01. Multiple problems in Wireshark (formerly Ethereal). Fixed in 0.99.8.

2007

wnpa-sec-2007-03. Multiple problems in Wireshark (formerly Ethereal). Fixed in 0.99.7.

wnpa-sec-2007-02. Multiple problems in Wireshark (formerly Ethereal). Fixed in 0.99.6.

wnpa-sec-2007-01. Multiple problems in Wireshark (formerly Ethereal). Fixed in 0.99.5.

2006

wnpa-sec-2006-03. Multiple problems in Wireshark (formerly Ethereal). Fixed in 0.99.4.

wnpa-sec-2006-02. Multiple problems in Wireshark (Ethereal). Fixed in 0.99.3.

wnpa-sec-2006-01. Multiple problems in Ethereal. Fixed in 0.99.2.

Reporting Security Problems

If you've found a security problem with Wireshark we want to hear about it. You can let us know about security-related issues via the following channels:

Email. security[AT]wireshark.org. In cases where confidentiality is a concern, you can use our GPG key (id 0xE6FEAEEA).

Web. Our bug tracking system. Bugs can be marked private if needed.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE

• Visually rich, powerful LAN analyzer
• Quickly access very large pcap files
• Professional, customizable reports
• Advanced triggers and alerts
• Fully integrated with Wireshark and AirPcap™

Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance

• Troubleshoot problems faster
• Quickly identify the applications running on your network
• Monitor your virtual machine traffic

Learn More

I need to capture wireless traffic...

ANSWER: AirPcap™ 802.11 Packet Capture

• WLAN packet capture and transmission
• Full 802.11 a/b/g/n support
• View management, control and data frames
• Multi-channel aggregation (with multiple adapters)

Learn More Buy Now