Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed:
WBMXL dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410
Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12.
openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411
Note: This is an update for a fix in Wireshark 2.2.7.
AMQP dissector crash. (Bug 13780) CVE-2017-11408
MQ dissector crash. (Bug 13792) CVE-2017-11407
DOCSIS infinite loop. (Bug 13797) CVE-2017-11406
GPRS LLC large loop. (Bug 13603) CVE-2017-11409
The following bugs have been fixed:
- Regression in SCCP fragments handling. (Bug 13651)
- TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. (Bug 13739)
- Dissector for WSMP (IEEE 1609.3) not current. (Bug 13766)
- DAAP dissector dissect_daap_one_tag recursion stack exhausted. (Bug 13799)
- Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference. (Bug 13811)
- It seems SPVID was decoded from wrong field. (Bug 13821)
- README.dissectors: Add notes about predefined string structures not available to plugin authors. (Bug 13828)
- cmake/modules/FindZLIB.cmake doesn’t find inflatePrime. (Bug 13850)
- [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-btrfcomm.c:314:37. (Bug 13783)
AMQP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, GPRS LLC, ISIS LSP, MQ, OpenSafety, OSPF, PROFINET IO, SCCP, TCAP, TCP, UMTS FP, UMTS RLC, WBMXL, and WSMP
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Wireshark should let you work with multiple capture files. (Bug 10488)
Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.