Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed:
The IEEE 802.11 dissector could crash. Bug 14442, CVE-2018-7335
Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors (Bug 14444), along with the DICOM (Bug 14411), DMP (Bug 14408), LLTD (Bug 14419), OpenFlow (Bug 14420), RELOAD (Bug 14445), RPCoRDMA (Bug 14449), RPKI-Router (Bug 14414), S7COMM (Bug 14423), SCCP (Bug 14413), Thread (Bug 14428), Thrift (Bug 14379), USB (Bug 14421), and WCCP (Bug 14412) dissectors were susceptible.
The UMTS MAC dissector could crash. Bug 14339, CVE-2018-7334
The DOCSIS dissector could crash. Bug 14446, CVE-2018-7337
The FCP dissector could crash. Bug 14374, CVE-2018-7336
The SIGCOMP dissector could crash. Bug 14398, CVE-2018-7320
The pcapng file parser could crash. Bug 14403, CVE-2018-7420
The IPMI dissector could crash. Bug 14409, CVE-2018-7417
The SIGCOMP dissector could crash. Bug 14410, CVE-2018-7418
The NBAP disssector could crash. Bug 14443, CVE-2018-7419
The following bugs have been fixed:
- Change placement of "double chevron" in Filter Toolbar to eliminate overlap. (Bug 14121)
- AutoScroll does not work. (Bug 14257)
- BOOTP/DHCP: malformed packet → when user class option (77) is present. (Bug 14312)
- GET MAX LUN wLength decoded as big-endian - USB Mass Storage. (Bug 14360)
- Unable to create Filter Expression Button for a yellow filter. (Bug 14369)
- Buildbot crash output: fuzz-2018-01-28-15874.pcap. (Bug 14371)
- NetScaler RPC segmentation fault / stack overflow. (Bug 14399)
- [oss-fuzz] #6028 RPC_NETLOGON: Direct-leak in g_malloc (generate_hash_key). (Bug 14407)
- Newline "\n" in packet list field increase line height for all rows. (Bug 14424)
- ieee80211-radio.c preamble duration calculation not correct. (Bug 14439)
- DIS: Malformed packet in SISO-STD-002 transmitter. (Bug 14441)
ASN.1 BER, BOOTP/DHCP, DCE RPC NETLOGON, DICOM, DIS, DMP, DOCSIS, EPL, FCP, GSM A RR, HSRP, IAX2, IEEE 802.11, Infiniband, IPMI, IPv6, LDAP, LLTD, NBAP, NetScaler RPC, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, SIGCOMP, Thread, Thrift, TLS/SSL, UMTS MAC, USB, USB Mass Storage, and WCCP
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Wireshark should let you work with multiple capture files. (Bug 10488)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.