Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerability has been fixed.
Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs 8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The CLNP dissector could crash. Discovered independently by Laurent Butti and the Wireshark development team. (Bug 7871)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The DTN dissector could crash. (Bug 7945)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The MS-MMC dissector (and possibly others) could crash. (Bug 8112)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8111)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti. (Bug 8213)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The Wireshark dissection engine could crash. Discovered by Laurent Butti. (Bug 8197)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The NTLMSSP dissector could overflow a buffer. Discovered by Ulf Härnhammar. (Bug X)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
The following bugs have been fixed:
The HTTP dissector does not reassemble headers when the first TCP segment does not contain a full header line.
SNMPv3 Engine ID registration. (Bug 2426)
Illegal character is used in temporary capture file name. (Bug 7877)
Core dumped when the file is closed. (Bug 8022)
Wrong packet bytes are selected for ISUP CUG binary code. (Bug 8035)
Decodes FCoE Group Multicast MAC address as Broadcom MAC address. (Bug 8046)
The SSL dissector stops decrypting the SSL conversation with Malformed Packet:SSL error messages. (Bug 8075)
Wrong bytes highlighted with "Find Packet...". (Bug 8085)
3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
Warn Dissector bug, protocol JXTA. (Bug 8212)
Electromagnetic Emission Parser parses field Event Id as Entity Id. (Bug 8227)
Bluetooth HCI, CLNP, DCP-ETSI, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, Fibre Channel, GTPv2, ISUP, JXTA, MPLS, MS-MMC, NTLMSSP, R3, RTPS, SNMP
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Wireshark might make your system disassociate from a wireless network on OS X 10.4. (Bug 1315)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not ship with libsmi. (Win64 development page)
"Closing File!" Dialog Hangs. (Bug 3046)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Wireshark and TShark will display incorrect delta times when displayed as a custom column. (Bug 4985)
Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.