Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
FRAsse discovered that the MAC-LTE dissector could overflow a buffer. (Bug 5530)
Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.
FRAsse discovered that the ENTTEC dissector could overflow a buffer. (Bug 5539)
Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.
The ASN.1 BER dissector could assert and make Wireshark exit prematurely. (Bug 5537)
Versions affected: 1.4.0 to 1.4.2.
The following bugs have been fixed:
AMQP failed assertion. (Bug 4048)
Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
Fuzz testing reports possible dissector bug: TCP. (Bug 4211)
Wrong length calculation in new_octet_aligned_subset_bits() (PER dissector). (Bug 5393)
Function dissect_per_bit_string_display might read more bytes than available (PER dissector). (Bug 5394)
Cannot load wpcap.dll & packet.dll from Wireshark program directory. (Bug 5420)
Wireshark crashes with Copy -> Description on date/time fields. (Bug 5421)
DHCPv6 OPTION_CLIENT_FQDN parse error. (Bug 5426)
Information element Error for supported channels. (Bug 5430)
Assert when using ASN.1 dissector with loading a 'type table'. (Bug 5447)
Bug with RWH parsing in Infiniband dissector. (Bug 5444)
Help->About Wireshark mis-reports OS. (Bug 5453)
Delegated-IPv6-Prefix(123) is shown incorrect as X-Ascend-Call-Attempt-Limit(123). (Bug 5455)
"tshark -r file -T fields" is truncating exported data. (Bug 5463)
gsm_a_dtap: incorrect "Extraneous Data" when decoding Packet Flow Identifier. (Bug 5475)
Improper decode of TLS 1.2 packet containing both CertificateRequest and ServerHelloDone messages. (Bug 5485)
LTE-PDCP UL and DL problem. (Bug 5505)
CIGI 3.2/3.3 support broken. (Bug 5510)
Prepare Filter in RTP Streams dialog does not work correctly. (Bug 5513)
Wrong decode at ethernet OAM Y.1731 ETH-CC. (Bug 5517)
WPS: RF bands decryption. (Bug 5523)
Incorrect LTP SDNV value handling. (Bug 5521)
LTP bug found by randpkt. (Bug 5323)
Buffer overflow in SNMP EngineID preferences. (Bug 5530)
AMQP, ASN.1 BER, ASN.1 PER, CFM, CIGI, DHCPv6, Diameter, ENTTEC, GSM A GM, IEEE 802.11, InfiniBand, LTE-PDCP, LTP, MAC-LTE, MP2T, RADIUS, SAMR, SCCP, SIP, SNMP, TCP, TLS, TN3270, UNISTIM, WPS
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.
Wireshark might make your system disassociate from a wireless network on OS X 10.4. (Bug 1315)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not ship with the same libraries as the 32-bit installer. (Bug 3610)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Commercial support is available from CACE Technologies.
Training is available from Wireshark University.
A complete FAQ is available on the Wireshark web site.