Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed.
The CAPWAP dissector could crash. Discovered by Laurent Butti. (Bug 8725)
Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
The GMR-1 BCCH dissector could crash. Discovered by Sylvain Munaut and Laurent Butti. (Bug 7664, Bug 8726 )
Versions affected: 1.8.0 to 1.8.7.
The PPP dissector could crash. Discovered by Laurent Butti. (Bug 7880, Bug 8727 )
Versions affected: 1.8.0 to 1.8.7.
The NBAP dissector could crash. (Bug 8697)
Versions affected: 1.8.0 to 1.8.7.
The RDP dissector could crash. Discovered by Laurent Butti (Bug 8729)
Versions affected: 1.8.0 to 1.8.7.
The GSM CBCH dissector could crash. Discovered by Laurent Butti (Bug 8730)
Versions affected: 1.8.0 to 1.8.7.
The Assa Abloy R3 dissector could consume excessive memory and CPU. (Bug 8764)
Versions affected: 1.8.0 to 1.8.7.
The HTTP dissector could overrun the stack. Discovered by David Keeler. (Bug 8733)
Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
The Ixia IxVeriWave file parser could overflow the heap. Discovered by Sachin Shinde. (Bug 8760)
Versions affected: 1.8.0 to 1.8.7.
The DCP ETSI dissector could crash. (Bug 8717)
Versions affected: 1.10.0, 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
The following bugs have been fixed:
TRY_TO_FAKE_THIS_ITEM disables bounds errors. (Bug 3290)
Multiple expert info in a packet does not cause the most "severe" to be displayed in expert column. (Bug 7733)
tshark -z io,stat reports bad byte counts if filter doesn't match anything. (Bug 8066)
Add decryption for WPA eapol 4-way handshake. (Bug 8680)
wireshark is crashing while attempting to use 'SCTP' -> 'Prepare Filter for this Association'. (Bug 8731)
Crash analyzing VoIP Calls (T38). (Bug 8736)
IMAP Dissector, Missing byte. (Bug 8739)
C12.22 Invocation Id shows negative sometimes. (Bug 8744)
gsm_a_dtap dissector (SMS): under certain conditions fillbits may be displayed for an alphanumeric TP-Originating-Address. (Bug 8756)
TETRA dissector assertion. (Bug 8768)
Mark retransmitted SYN and FIN packets as retransmissions.
Bittorrent DHT, C12.22, CAPWAP, DCP ETSI, EAPOL, GMR-1 BCCH, GSM CBCH, GSM SMS, HTTP, IMAP, NBAP, PPP, R3, RDP, SGsAP, T.38, TETRA
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.