Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed:
IMAP dissector crash (Bug 13466) CVE-2017-7703
WBMXL dissector infinite loop (Bug 13477) CVE-2017-7702
NetScaler file parser infinite loop (Bug 13478) CVE-2017-7700
RPCoRDMA dissector infinite loop (Bug 13558) CVE-2017-7705
BGP dissector infinite loop (Bug 13557) CVE-2017-7701
DOF dissector infinite loop (Bug 13453) CVE-2017-7704
PacketBB dissector crash (Bug 13559)
SLSK dissector long loop (Bug 13576)
SIGCOMP dissector infinite loop (Bug 13578)
WSP dissector infinite loop (Bug 13581)
The following bugs have been fixed:
- T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
- Wireshark gives decoding error during rnsap message dissection(SCCP reassembly). (Bug 3360)
- Added IEEE 802.15.4-2003 AES-CCM security modes (packet-ieee802154). (Bug 4912)
- Payload in 2 SCCP DT1 messages in the same frame isn’t (sub)dissected. (Bug 11130)
- IEEE 802.15.4: an area of Payload IEs is dissected twice. (Bug 13068)
- Qt UI: Wireshark crash when deleting IO graph string while it’s in editing mode. (Bug 13234)
- Crash on exit due to an invalid frame data sequence state. (Bug 13433)
- Access Violation using Lua dissector. (Bug 13457)
- Some bytes ignored in every packet in NetScaler packet trace when vmnames are included in packet headers. (Bug 13459)
- VOIP RTP stream Find Reverse button doesn’t work. (Bug 13462)
- Lua dissector: ProtoField int&42; do not allow FT_HEX or FT_OCT, crash when set to FT_HEX_DEC or FT_DEC_HEX. (Bug 13484)
- GIOP LocateRequest v1.0 is improperly indicated as "malformed". (Bug 13488)
- Bug in ZigBee - Zone Status Change Notification. (Bug 13493)
- Packet exception in packet-ua3g and incomplete strings in packet-noe. (Bug 13502)
- Wrong BGP capability dissect. (Bug 13521)
- Endpoint statistics column labels seem incorrect. (Bug 13526)
- Strange automatic jump in packet details for a certain DNS response packet. (Bug 13533)
- When a Lua enum or bool preference is changed via context menu, prefs_changed isn’t called with Qt Wireshark. (Bug 13536)
- IO Graph selects wrong packet or displays "Packet number x isn’t displayed". (Bug 13537)
- tshark’s -z endpoints,ip ignores optional filter. (Bug 13538)
- SSL: Handshake type in Info column not always separated by comma. (Bug 13539)
- libfuzzer: PEEKREMOTE dissector bug. (Bug 13544)
- libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom). (Bug 13545)
- libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). (Bug 13546)
- libfuzzer: MIH dissector bug. (Bug 13547)
- libfuzzer: DNS dissector bug. (Bug 13548)
- libfuzzer: WLCCP dissector bug. (Bug 13549)
- libfuzzer: TAPA dissector bug. (Bug 13553)
- libfuzzer: lapsat dissector bug. (Bug 13554)
- libfuzzer: wassp dissector bug. (Bug 13555)
- Illegal reassembly of GSM SMS packets. (Bug 13572)
- SSH Dissector uses incorrect length for protocol field (ssh.protocol). (Bug 13574)
- NBAP malformed packet for short Binding ID. (Bug 13577)
- libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod). (Bug 13579)
- libfuzzer: asterix dissector bug (asterix.021_230_RA). (Bug 13580)
- RTPproxy dissector adds multi lines to info column. (Bug 13582)
ASTERIX, BGP, BSSGP, BT AVRCP, BT HCI_CMD, BT HFP, BT PBAP, DNS, DOF, EAPOL-MKA, GIOP, GSM SMS, HTTP, ICMP, IEEE 802.11, IEEE 802.15.4, IMAP, ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, NBIFOM, PacketBB, PEEKREMOTE, RPCoRDMA, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, SSL, T.30, TAPA, UA3G, WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
There is no new or updated capture file support in this release.
NetScaler, and pcapng
There are no new or updated capture interfaces supported in this release.
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Wireshark should let you work with multiple capture files. (Bug 10488)
Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.