Advertisement

CHANGELOG

What's New in version 3.4.2:

Bug Fixes:

  • The following vulnerabilities have been fixed: Wnpa-sec-2020-20 QUIC dissector crash Bug 17073.

The following bugs have been fixed:

  • New and Updated Features
  • IETF QUIC TLS decryption errors when packets are coalesced with random data Bug 16914.
  • QUIC: missing dissection of some coalesced SH packets Bug 17011.
  • Macos-setup.sh can’t find SDK on macOS Big Sur, as it went to 11 Bug 17043.
  • Mapping endpoints in browser - Map file error Bug 17074.
  • Wireshark 3.4.1 hangs on startup on macOS Big Sur 11.0.1 Bug 17075.
  • False expect error seen on FCoE frames (not seen with older release wireshark 1.2.18) Bug 17084.
  • Several libraries missing in 3.4.1 and 3.2.9 installers for macOS Bug 17086.

New Protocol Support:

  • There are no new protocols in this release.
  • Updated Protocol Support
  • DOCSIS, FC-dNS, FC-SWILS, FCoE, QUIC, SNMP, and USBHID

What's New in version 3.2.6:

Bug Fixes:

The following vulnerabilities have been fixed:

  • wnpa-sec-2020-10 Kafka dissector crash. Bug 16672. CVE-2020-17498.

The following bugs have been fixed:

  • Kafka dissector fails parsing FETCH responses. Bug 16623.
  • Dissector for ASTERIX Category 001 / 210 does not recognize bit 1 as extension. Bug 16662.
  • "invalid timestamp" for Systemd Journal Export Block. Bug 16664.
  • Decoding Extended Emergency number list IE length. Bug 16668.
  • Some macOS Bluetooth PacketLogger capture files aren't recognized as PacketLogger files (regression, bisected). Bug 16670.
  • Short IMSIs (5 digits) lead to wrong decoding+warning. Bug 16676.
  • Decoding of PFCP IE 'PFD Contents' results in "malformed packet". Bug 16704.
  • RFH2 Header with 32 or less bytes of NameValue will not parse out that info. Bug 16733.
  • CDP: Port ID TLV followed by Type 1009 TLV triggers [Malformed Packet]. Bug 16742.
  • tshark crashed when processing opcda. Bug 16746.
  • tshark with --export-dicom gives 'Segmentation fault (core dumped)'. Bug 16748.

Updated Protocol Support:

  • ASTERIX, BSSAP, CDP, CoAP, DCERPC SPOOLSS, DCOM, DICOM, DVB-S2, E.212, GBCS, GSM RR, GSM SMS, IEEE 802.11, Kafka, MQ, Nano, NAS 5GS, NIS+, NR RRC, PacketLogger, PFCP, RTPS, systemd Journal, TDS, TN3270, and TN5250

New and Updated Capture File Support:

  • PacketLogger and pcapng

What's New in version 3.2.5:

The following vulnerabilities have been fixed:

  • wnpa-sec-2020-09 GVCP dissector infinite loop. Bug 16029. CVE-2020-15466

The following bugs have been fixed:

  • Add decryption support for QUIC IETF version 0xfaceb001 and 0xfaceb002. Bug 16378
  • Windows Uninstall does not remove all files in Program Files. Bug 16601
  • The 'relative sequence number' is same as 'raw sequence number' when tcp.analyze_sequence_numbers:FALSE. Bug 16604
  • Importing profiles from a different Windows PC fails. Bug 16608
  • Decode as not working correctly with multiple user profiles. Bug 16635
  • Wireshark can misdissect the HE Radiotap field if it’s ever dissected one with any value unknown. Bug 16636
  • Buildbot crash output: fuzz-2020-06-19-5981.pcap. Bug 16639
  • Buildbot crash output: fuzz-2020-06-20-7665.pcap. Bug 16642
  • mergecap man page contains invalid formatting. Bug 16652

Updated Protocol Support:

  • CoAP, GSM RR, GTPv2, GVCP, LTE RRC, NAS-5GS, NGAP, QUIC, R3, Radiotap, RTPS, and TCP

What's New in version 3.2.3:

The following vulnerabilities have been fixed:

  • wnpa-sec-2020-07 The BACapp dissector could crash. Bug 16474. CVE-2020-11647.

The following bugs have been fixed:

  • Add (IETF) QUIC Dissector. Bug 13881.
  • Rename profile name loses list selection. Bug 15966.
  • Dissector bug warning dissecting TLS Certificate Request with many names. Bug 16202.
  • Only ACKs, but no DATA frames are visible in -> TCP Stream Graph -> Time Sequence (tcptrace). Bug 16281.
  • Copy>Description does not work properly for all tree items. Bug 16323.
  • Importing profiles in Windows - zip files fail and from directory crashes Wireshark. Bug 16410.
  • Packet List selection is gone when adding or removing a display filter. Bug 16414.
  • Check for updates, and auto-update, not working in 3.2.1. Bug 16416.
  • f5ethtrailer: TLS trailer creates incorrect CLIENT keylog entries. Bug 16417.
  • Buildbot crash output: randpkt-2020-03-04-18423.pcap. Bug 16424.
  • File open dialog shows garbled time stamps. Bug 16429.
  • RTCP Bye without optional reason reported as [Malformed Packet]. Bug 16434.
  • [oss-fuzz] #20732: Undefined-shift in dissect_rtcp. Bug 16445.
  • SOMEIP: SOME/IP-SD dissector fails to register SOME/IP ports, if IPv6 is being used (BUG). Bug 16448.
  • tshark logs: '…?could not be opened: Too many open files.'. Bug 16457.
  • Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed. Bug 16472.
  • Buildbot crash output: randpkt-2020-04-02-31746.pcap. Bug 16477.

What's New in version 3.2.2:

Bug Fixes:

The following vulnerabilities have been fixed

  • wnpa-sec-2020-03 LTE RRC dissector memory leak. Bug 16341.
  • wnpa-sec-2020-04 WiMax DLMAP dissector crash. Bug 16368.
  • wnpa-sec-2020-05 EAP dissector crash. Bug 16397.
  • wnpa-sec-2020-06 WireGuard dissector crash. Bug 16394.

The following bugs have been fixed

  • Add (IETF) QUIC Dissector. Bug 13881.
  • Support for CoAP over TCP and WebSockets (RFC 8323). Bug 15910.
  • SMB IOCTL response packet with BUFFER_OVERFLOW status is dissected improperly. Bug 16261.
  • Wireshark fails to build with GCC-9. Bug 16319.
  • NVMe/TCP ICReq PDU Not Interpreted Correctly. Bug 16333.
  • ICMP: No response if ICMP reply packet has an ICMP checksum of 0x0000. Bug 16334.
  • Display filter parsing broken after upgrade from 3.0.7. Bug 16336.
  • IPv4 fragment offset value is incorrect in IPv4 header decode. Bug 16344.
  • RTCP frame length warning for SAT>IP APP packets. Bug 16345.
  • RTP export to rtpdump file doesn’t work. Bug 16351.
  • CFDP dissector skips a byte. Bug 16361.
  • ISAKMP: IKEv2 transforms and proposal have critical bit (BUG). Bug 16364.
  • No IPv4/IPv6 hosts in Resolved Addresses dialog. Bug 16366.
  • Lack of Check for Updates option in the Windows GUI. Bug 16381.
  • LLDP dissector consumes all octets to the end of the TVB and eth trailer dissector does not get called. Bug 16387.
  • LACP dissector consumes all octets to the end of the TVB and eth trailer dissector does not get called. Bug 16388.

Updated Protocol Support:

  • ARTNET, CFDP, CoAP, EAP, GTP, ICMP, ICMPv6, IPv4, ISAKMP, LACP, LLDP, LTE RRC, NBAP, NVME-TCP, QUIC, RDM, RTCP, RTP, SMB, SOME/IP, TLS, WiMax DLMAP, and WireGuard

What's New in version 3.2.1:

Bug Fixes:

The following vulnerabilities have been fixed:

  • wnpa-sec-2020-01 WASSP dissector crash. Bug 16324. CVE-2020-7044.

The following bugs have been fixed:

  • Incorrect parsing of USB CDC packets. Bug 14587.
  • Wireshark fails to create directory if parent directory does not yet exist. Bug 16143.
  • Buildbot crash output: randpkt-2019-11-30-22633.pcap. Bug 16240.
  • Closing Flow Graph closes (crashes) main GUI window. Bug 16260.
  • Wireshark interprets websocket frames after HTTP handshake in a wrong way. Bug 16274.
  • A-bis/OML: IPA Destination IP Address attribute contains inverted value (endianness). Bug 16282.
  • wiretap/log3gpp.c: 2 * leap before looking ?. Bug 16283.
  • Opening shell terminal prints Wireshark: Permission denied. Bug 16284.
  • h264: SPS frame_crop_right_offset shown in UI as frame_crop_left_offset. Bug 16285.
  • BGP: update of 'Sub-TLV Length' by draft-ietf-idr-tunnel-encaps. Bug 16294.
  • SPNEGO+GSS-API+Kerberos+ap-options dissection produces 'Unknown Bit(s)' expert message. Bug 16301.
  • USB Audio feature unit descriptor is incorrectly dissected. Bug 16305.
  • Compiling the .y files fails with Berkeley YACC. Bug 16306.
  • PDB files in Windows installer. Bug 16307.
  • NAS-5GS 5GS network feature support lacks MCSI, EMCN3 two fields (octet 4). Bug 16310.
  • Option to change “Packet List” columns header right click pop-up menu behavior. Bug 16317.
  • DLT: Dissector does not parse multiple DLT messages in single UDP packet. Bug 16321.
  • ISAKMP Dissection: Enhance Source id and Destination ID field of GDOI SA TEK payload for non IP ID type. Bug 16233.
  • DOIP: Typo in 'identifcation request messages'. Bug 16325.
  • Toolbar '?' help button - no text/help displayed. Bug 16327.

Updated Protocol Support:

  • 802.11 Radiotap, ASN.1 BER, BGP, DLT, DOIP, GSM A RR, GSM A-bis/OML, H264, HTTP, IEC 60870-5-104, IEEE 802.11, IPv4, ISAKMP, NAS 5GS, rtnetlink, SIP, TIPC, USB Audio, USB CDC, and WASSP
  • New and Updated Capture File Support
  • 3gpp phone log

Getting Wireshark:

  • Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
  • Vendor-supplied Packages
  • Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations:

  • Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About?Folders to find the default locations on your system.

What's New in version 3.2.0:

  • Minor bug fixes.

What's New in version 3.0.7:

New:

  • The Windows and macOS installers now ship with Qt 5.12.6. They previously shipped with Qt 5.12.5

Bug Fixes:

The following vulnerabilities have been fixed:

  • wnpa-sec-2019-22 CMS dissector crash. Bug 15961. CVE-2019-19553

The following bugs have been fixed:

  • ws_pipe_wait_for_pipe() can wait on closed handles. Bug 15696
  • Support for 11ax in PEEKREMOTE. Bug 15740
  • The temporary file …? could not be opened: Invalid argument. Bug 15751
  • Reassembling of the two TLS records is not working correctly. Bug 16109
  • Display Filter Area: Dropdown Missing pkt_comment and tcp.options.sack_perm (likely others). Bug 16130
  • Display Filter autocompletion should be disabled. Bug 16132
  • BGP Linkstate IP Reachability information is incorrect. Bug 16144
  • NGAP: ExpectedUEActivityBehaviour decode error. Bug 16145
  • HomePlug AV dissector: MMTYPE and FMI fields are dissected incorrectly. Bug 16158
  • JPEG files cannot be saved on Windows with french language. Bug 16165
  • X11 --display interpreted as --display-filter which maps to -Y option. Bug 16167
  • 'Create new file automatically after' not working with extcap. Bug 16178
  • Encrypted TLS alerts sometimes listed as decrypted. Bug 16180
  • The 'Remove Wireshark from the system path' package has 'Add Wireshark to the system PATH' as its title. Bug 16200
  • tshark -T ek -x causes get_field_data: code should not be reached. Bug 16218
  • Crash on Go ? Next/Previous Packet in Conversation when no packet is selected. Bug 16228

Updated Protocol Support:

  • BGP, HomePlug AV, IEEE 802.11, and TLS

What's New in version 3.0.1:

What's New:

  • The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.

Bug Fixes:

  • The following vulnerabilities have been fixed:

    • wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
    • wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
    • wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
    • wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
    • wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
    • wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
    • wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
    • wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
    • wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
    • wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.

    The following bugs have been fixed:

    • [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.
    • [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439.
    • Duplicated TCP SEQ field in ICMP packets. Bug 15533.
    • Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542.
    • Wireshark's speaker-to-MaxMind is burning up the CPU. Bug 15545.
    • GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
    • Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.
    • &'37;T not supported for timestamps. Bug 15565.
    • LWM2M: resource with rn badly shown. Bug 15572.
    • When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578.
    • Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.
    • Windows console log output delay. Bug 15605.
    • Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.
    • NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.
    • randpkt -r causes segfault when count > 1. Bug 15627.
    • Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628.
    • Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.
    • BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.
    • Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.
    • Typo: broli ? brotli. Bug 15647.
    • Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648.
    • Windows CHM (help file) title displays quoted HTML characters. Bug 15656.
    • Unable to load 3rd party plugins not signed by Wireshark's codesigning certificate. Bug 15667.

    Updated Protocol Support:

    • BGP, BSSAP, Couchbase, DCERPC SPOOLSS, DHCP, DHCPv6, DOF, FP, GSM A RR, GSS-API, GSUP, GTP, GTPv2, H248C, HL7, IEEE 802.11, IEEE 802.15.4, ISO 14443, LDSS, LwM2M-TLV, NLM, Rbm, SIP, SRVLOC, Syslog, TCP, TLS, and TSDNS

    New and Updated Capture File Support:

    • NetScaler and pcap

    What's New in version 3.0.0 RC1:

    Bug fixes:

    • Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427[1])
    • Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489[2]).
    • Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098[3])
    • Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[4])

    New and updated features:

    • Wireshark now supports the Swedish and Ukrainian languages.
    • Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
    • The build system now produces reproducible builds (Bug 15163[5]).
    • The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.

    What's New in version 2.6.5:

    Bug Fixes:

    The following vulnerabilities have been fixed:

    • Wnpa-sec-2018-51 The Wireshark dissection engine could crash. Bug 14466. CVE-2018-19625.
    • Wnpa-sec-2018-52 The DCOM dissector could crash. Bug 15130. CVE-2018-19626.
    • Wnpa-sec-2018-53 The LBMPDM dissector could crash. Bug 15132. CVE-2018-19623.
    • Wnpa-sec-2018-54 The MMSE dissector could go into an infinite loop. Bug 15250. CVE-2018-19622.
    • Wnpa-sec-2018-55 The IxVeriWave file parser could crash. Bug 15279. CVE-2018-19627.
    • Wnpa-sec-2018-56 The PVFS dissector could crash. Bug 15280. CVE-2018-19624.
    • Wnpa-sec-2018-57 The ZigBee ZCL dissector could crash. Bug 15281. CVE-2018-19628.

    The following bugs have been fixed:

    • VoIP Calls dialog doesn’t include RTP stream when preparing a filter. Bug 13440.
    • Wireshark installs on macOS with permissions for /Library/Application Support/Wireshark that are too restrictive. Bug 14335.
    • Closing Enabled Protocols dialog crashes wireshark. Bug 14349.
    • Unable to Export Objects ? HTTP after sorting columns. Bug 14545.
    • DNS Response to NS query shows as malformed packet. Bug 14574.
    • Encrypted Alerts corresponds to a wrong selection in the packet bytes pane. Bug 14712.
    • Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols enabled. Bug 15014.
    • ESP will not decode since 2.6.2 - works fine in 2.4.6 or 2.4.8. Bug 15056.
    • Text2pcap generates malformed packets when TCP, UDP or SCTP headers are added together with IPv6 header. Bug 15194.
    • Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug 15196.
    • Infinite read loop when extcap exits with error and error message. Bug 15205.
    • MATE unable to extract fields for PDU. Bug 15208.
    • Malformed Packet: SV. Bug 15224.
    • OPC UA Max nesting depth exceeded for valid packet. Bug 15226.
    • TShark 2.6 does not print GeoIP information. Bug 15230.
    • ISUP (ANSI) packets malformed in WS versions later than 2.4.8. Bug 15236.
    • Handover candidate enquire message not decoded. Bug 15237.
    • TShark piping output in a cmd or PowerShell prompt stops working when GeoIP is enabled. Bug 15248.
    • ICMPv6 with routing header incorrectly placed. Bug 15270.
    • IEEE 802.11 Vendor Specific fixed fields display as malformed packets. Bug 15273.
    • Text2pcap -4 and -6 option should require -i as well. Bug 15275.
    • Text2pcap direction sensitivity does not affect dummy ethernet addresses. Bug 15287.
    • MLE security suite display incorrect. Bug 15288.
    • Message for incorrect IPv4 option lengths is incorrect. Bug 15290.
    • TACACS+ dissector does not properly reassemble large accounting messages. Bug 15293.
    • NLRI of S-PMSI A-D BGP route not being displayed. Bug 15307.
    • New and Updated Features
    • There are no new features in this release.
    • New Protocol Support
    • There are no new protocols in this release.
    • Updated Protocol Support
    • BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE 802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa, PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL
    • New and Updated Capture File Support
    • 3GPP TS 32.423 Trace and IxVeriWave
    • New and Updated Capture Interfaces support
    • Sshdump
    • Getting Wireshark
    • Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
    • Vendor-supplied Packages
    • Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
    • File Locations
    • Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About?Folders to find the default locations on your system.
    • Known Problems
    • The BER dissector might infinitely loop. Bug 1516.
    • Capture filters aren’t applied when capturing from named pipes. Bug 1814.
    • Filtering tshark captures with read filters (-R) no longer works. Bug 2234.
    • Application crash when changing real-time option. Bug 4035.
    • Wireshark and TShark will display incorrect delta times in some cases. Bug 4985.
    • Wireshark should let you work with multiple capture files. Bug 10488.
    • Getting Help
    • Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.

    What's New in version 2.6.4:

    Bug Fixes:

    The following vulnerabilities have been fixed:

    • wnpa-sec-2018-47
    • MS-WSP dissector crash. Bug 15119. CVE-2018-18227.
    • wnpa-sec-2018-48
    • Steam IHS Discovery dissector memory leak. Bug 15171. CVE-2018-18226.
    • wnpa-sec-2018-49
    • CoAP dissector crash. Bug 15172. CVE-2018-18225.
    • wnpa-sec-2018-50
    • OpcUA dissector crash. CVE-2018-12086.

    The following bugs have been fixed:

    • HTTP2 dissector decodes first SSL record only. Bug 11173.
    • Undocumented sub-option for -N option in man page and tshark -N help. Bug 14826.
    • Mishandling of Port Control Protocol option padding. Bug 14950.
    • MGCP: parameter lines are case-insensitive. Bug 15008.
    • Details of 2nd sub-VSA in bundled RADIUS VSA are incorrect. Bug 15073.
    • Heuristic DPLAY dissector fails to recognize DPLAY packets. Bug 15092.
    • gsm_rlcmac_dl dissector exception. Bug 15112.
    • dfilter_buttons file under user-created profile. Bug 15114.
    • Filter buttons disappear when using pre-2.6 profile. Bug 15121.
    • PROFINET Information element AM_DeviceIdentification in Asset Management Info block is decoded wrongly. Bug 15140.
    • Hw dest addr column shows incorrect address. Bug 15144.
    • Windows dumpcap -i TCP@ fails on pcapng stream. Bug 15149.
    • Wildcard expansion doesn’t work on Windows 10 for command-line programs in cmd.exe or PowerShell. Bug 15151.
    • SSL Reassembly Error New fragment past old data limits. Bug 15158.

    What's New in version 2.6.0:

    • HTTP Request sequences are now supported.
    • Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite Legacy databases has been removed.
    • The Windows packages are now built using Microsoft Visual Studio 2017.
    • The IP map feature (the 'Map' button in the 'Endpoints' dialog) has been removed.

    What's New in version 2.4.6:

    The following vulnerabilities have been fixed:

    • The MP4 dissector could crash. (Bug 13777)
    • The ADB dissector could crash. (Bug 14460)
    • The IEEE 802.15.4 dissector could crash. (Bug 14468)
    • The NBAP dissector could crash. (Bug 14471)
    • The VLAN dissector could crash. (Bug 14469)
    • The LWAPP dissector could crash. (Bug 14467)
    • The TCP dissector could crash. (Bug 14472)
    • The CQL dissector could to into an infinite loop. (Bug 14530)
    • The Kerberos dissector could crash. (Bug 14576)
    • Multiple dissectors and other modules could leak memory. The TN3270 (Bug 14480), ISUP (Bug 14481), LAPD (Bug 14482), SMB2 (Bug 14483), GIOP (Bug 14484), ASN.1 (Bug 14485), MIME multipart (Bug 14486), H.223 (Bug 14487), and PCP (Bug 14488) dissectors were susceptible along with Wireshark and TShark (Bug 14489).

    The following bugs have been fixed:

    • TRANSUM doesn’t account for DNS retries in the Request Spread. (Bug 14210)
    • BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not able to decode the packet correctly. (Bug 14241)
    • Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes in later releases. (Bug 14293)
    • PEEKREMOTE dissector lacks 80mhz support, short preamble support and spatial streams encoding. (Bug 14452)
    • Statistics > UDP Multicast Streams > [Copy|Save as..] is broken. (Bug 14477)
    • Typo error in enumeration value of speech version identifier. (Bug 14528)
    • In "Unsaved packets" dialog one can NOT use keyboard to choose "Continue without Saving". (Bug 14531)
    • WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. (Bug 14538)
    • Buildbot crash output: fuzz-2018-03-19-19114.pcap. (Bug 14544)
    • alloca() used in wsutil/getopt_long.c without inclusion. (Bug 14552)
    • HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. (Bug 14554)
    • Makefile.in uses non-portable "install" command. (Bug 14555)
    • HP-UX HP ANSI C doesn’t support assigning {} to a variable in epan/app_mem_usage.c. (Bug 14556)
    • PPP in SSTP, HDLC framing not parsed properly. (Bug 14559)
    • Using the DIAMETER dictionary causes the standard input to be closed when the dictionary is read. (Bug 14577)

    Updated Protocol Support:

    • 6LoWPAN, ADB, BGP, CQL, DNS, Ethernet, GIOP, GSM BSSMAP, H.223, IEEE 802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD, LWAPP, MIME multipart, MP4, NBAP, NORDIC_BLE, PCP, PEEKREMOTE, S1AP, SMB2, SSTP, T.30, TCP, TN3270, TRANSUM, VLAN, WCCP, and WSP

    What's New in version 2.4.5:

    The following vulnerabilities have been fixed:

    • The IEEE 802.11 dissector could crash. Bug 14442, CVE-2018-7335
    • Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors (Bug 14444), along with the DICOM (Bug 14411), DMP (Bug 14408), LLTD (Bug 14419), OpenFlow (Bug 14420), RELOAD (Bug 14445), RPCoRDMA (Bug 14449), RPKI-Router (Bug 14414), S7COMM (Bug 14423), SCCP (Bug 14413), Thread (Bug 14428), Thrift (Bug 14379), USB (Bug 14421), and WCCP (Bug 14412) dissectors were susceptible.
    • The UMTS MAC dissector could crash. Bug 14339, CVE-2018-7334
    • The DOCSIS dissector could crash. Bug 14446, CVE-2018-7337
    • The FCP dissector could crash. Bug 14374, CVE-2018-7336
    • THe SIGCOMP dissector could crash. Bug 14398, CVE-2018-7320
    • The pcapng file parser could crash. Bug 14403, CVE-2018-7420
    • The IPMI dissector could crash. Bug 14409, CVE-2018-7417
    • The SIGCOMP dissector could crash. Bug 14410, CVE-2018-7418
    • The NBAP disssector could crash. Bug 14443, CVE-2018-7419

    The following bugs have been fixed:

    • Change placement of "double chevron" in Filter Toolbar to eliminate overlap. (Bug 14121)
    • AutoScroll does not work. (Bug 14257)
    • BOOTP/DHCP: malformed packet ? when user class option (77) is present. (Bug 14312) GET MAX LUN wLength decoded as big-endian - USB Mass Storage. (Bug 14360)
    • Unable to create Filter Expression Button for a yellow filter. (Bug 14369)
    • Buildbot crash output: fuzz-2018-01-28-15874.pcap. (Bug 14371)
    • NetScaler RPC segmentation fault / stack overflow. (Bug 14399)
    • [oss-fuzz] #6028 RPC_NETLOGON: Direct-leak in g_malloc (generate_hash_key). (Bug 14407)
    • Newline "n" in packet list field increase line height for all rows. (Bug 14424)
    • ieee80211-radio.c preamble duration calculation not correct. (Bug 14439)
    • DIS: Malformed packet in SISO-STD-002 transmitter. (Bug 14441)

    Updated Protocol Support:

    • ASN.1 BER, BOOTP/DHCP, DCE RPC NETLOGON, DICOM, DIS, DMP, DOCSIS, EPL, FCP, GSM A RR, HSRP, IAX2, IEEE 802.11, Infiniband, IPMI, IPv6, LDAP, LLTD, NBAP, NetScaler RPC, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, SIGCOMP, Thread, Thrift, TLS/SSL, UMTS MAC, USB, USB Mass Storage, and WCCP

    New and Updated Capture File Support:

    • pcap pcapng