Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed:
The MP4 dissector could crash. (Bug 13777)
The ADB dissector could crash. (Bug 14460)
The IEEE 802.15.4 dissector could crash. (Bug 14468)
The NBAP dissector could crash. (Bug 14471)
The VLAN dissector could crash. (Bug 14469)
The LWAPP dissector could crash. (Bug 14467)
The Kerberos dissector could crash. (Bug 14576)
- tshark memory leaks with asan / valgrind [tn3270] (1/10). (Bug 14480)
- tshark memory leaks with asan / valgrind [isup] (2/10). (Bug 14481)
- tshark memory leaks with asan / valgrind [lapd] (3/10). (Bug 14482)
- tshark memory leaks with asan / valgrind [smb2] (4/10). (Bug 14483)
- tshark memory leaks with asan / valgrind [Inter-ORB] (5/10). (Bug 14484)
- tshark memory leaks with asan / valgrind [oids] (6/10). (Bug 14485)
- tshark memory leaks with asan / valgrind [multipart] (7/10). (Bug 14486)
- tshark memory leaks with asan / valgrind [h223] (8/10). (Bug 14487)
- tshark memory leaks with asan / valgrind [Co-Pilot] (9/10). (Bug 14488)
The following bugs have been fixed:
- Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes in later releases. (Bug 14293)
- PEEKREMOTE dissector lacks 80mhz support, short preamble support and spatial streams encoding. (Bug 14452)
- Typo error in enumeration value of speech version identifier. (Bug 14528)
- WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. (Bug 14538)
- Buildbot crash output: fuzz-2018-03-19-19114.pcap. (Bug 14544)
- alloca() used in wsutil/getopt_long.c without <alloca.h> inclusion. (Bug 14552)
- HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. (Bug 14554)
- Makefile.in uses non-portable "install" command. (Bug 14555)
- HP-UX HP ANSI C doesn’t support assigning {} to a variable in epan/app_mem_usage.c. (Bug 14556)
- PPP in SSTP, HDLC framing not parsed properly. (Bug 14559)
- Using the DIAMETER dictionary causes the standard input to be closed when the dictionary is read. (Bug 14577)
6LoWPAN, ADB, DNS, Ethernet, GIOP, GSM BSSMAP, H.223, IEEE 802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD, LWAPP, MIME multipart, MP4, NBAP, PCP, PEEKREMOTE, S1AP, SMB2, SSTP, T.30, TN3270, VLAN, WCCP, and WSP
There is no new or updated capture file support in this release.
There are no new or updated capture interfaces supported in this release.
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Wireshark should let you work with multiple capture files. (Bug 10488)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.