Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed:
- wnpa-sec-2017-04 RTMTP dissector infinite loop (Bug 13347) CVE-2017-6472
IMAP dissector crash (Bug 13466) CVE-2017-7703
WBMXL dissector infinite loop (Bug 13477) CVE-2017-7702
NetScaler file parser infinite loop (Bug 13478) CVE-2017-7700
RPCoRDMA dissector infinite loop (Bug 13558) CVE-2017-7705
BGP dissector infinite loop (Bug 13557) CVE-2017-7701
PacketBB dissector crash (Bug 13559)
SLSK dissector long loop (Bug 13576)
SIGCOMP dissector infinite loop (Bug 13578)
WSP dissector infinite loop (Bug 13581)
The following bugs have been fixed:
- T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
- Wireshark gives decoding error during rnsap message dissection(SCCP reassembly). (Bug 3360)
- Payload in 2 SCCP DT1 messages in the same frame isn’t (sub)dissected. (Bug 11130)
- Qt UI: Wireshark crash when deleting IO graph string while it’s in editing mode. (Bug 13234)
- Crash on exit due to an invalid frame data sequence state. (Bug 13433)
- Some bytes ignored in every packet in NetScaler packet trace when vmnames are included in packet headers. (Bug 13459)
- Lua dissector: ProtoField int&42; do not allow FT_HEX or FT_OCT, crash when set to FT_HEX_DEC or FT_DEC_HEX. (Bug 13484)
- GIOP LocateRequest v1.0 is improperly indicated as "malformed". (Bug 13488)
- Bug in ZigBee - Zone Status Change Notification. (Bug 13493)
- Packet exception in packet-ua3g and incomplete strings in packet-noe. (Bug 13502)
- Wrong BGP capability dissect. (Bug 13521)
- Endpoint statistics column labels seem incorrect. (Bug 13526)
- When a Lua enum or bool preference is changed via context menu, prefs_changed isn’t called with Qt Wireshark. (Bug 13536)
- tshark’s -z endpoints,ip ignores optional filter. (Bug 13538)
- libfuzzer: PEEKREMOTE dissector bug. (Bug 13544)
- libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom). (Bug 13545)
- libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). (Bug 13546)
- libfuzzer: MIH dissector bug. (Bug 13547)
- libfuzzer: DNS dissector bug. (Bug 13548)
- libfuzzer: WLCCP dissector bug. (Bug 13549)
- libfuzzer: TAPA dissector bug. (Bug 13553)
- libfuzzer: lapsat dissector bug. (Bug 13554)
- libfuzzer: wassp dissector bug. (Bug 13555)
- SSH Dissector uses incorrect length for protocol field (ssh.protocol). (Bug 13574)
- NBAP malformed packet for short Binding ID. (Bug 13577)
- libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod). (Bug 13579)
- RTPproxy dissector adds multi lines to info column. (Bug 13582)
- libfuzzer: asterix dissector bug (asterix.021_230_RA). (Bug 13580)
ASTERIX, BGP, BT AVRCP, DNS, EAPOL-MKA, GIOP, ICMP, IEEE 802.15.4, IMAP, ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, PacketBB, PEEKREMOTE, RPCoRDMA, RTMTP, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, T.30, TAPA, UA3G, WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
There is no new or updated capture file support in this release.
NetScaler
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Wireshark should let you work with multiple capture files. (Bug 10488)
Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.