Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that Wireshark could free an uninitialized pointer while reading a malformed pcap-ng file. (Bug 5652)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a large packet length in a pcap-ng file could crash Wireshark. (Bug 5661)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
Wireshark could overflow a buffer while reading a Nokia DCT3 trace file.
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
joernchen of Phenoelit discovered that the LDAP and SMB dissectors could overflow the stack. (Bug 5717)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)
Xiaopeng Zhang of Fortinet's Fortiguard Labs discovered that large LDAP Filter strings can consume excessive amounts of memory. (Bug 5732)
Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)
The following bugs have been fixed:
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.
Wireshark might make your system disassociate from a wireless network on OS X. (Bug 1315)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Wireshark might freeze when reading from a pipe. (Bug 2082)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not ship with the same libraries as the 32-bit installer. (Bug 3610)
Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Training is available from Wireshark University.
A complete FAQ is available on the Wireshark web site.