Wireshark Changelog

New in version 1.12.4

March 6th, 2015
  • The following vulnerabilities have been fixed:
  • wnpa-sec-2015-06 - The ATN-CPDLC dissector could crash. (Bug 9952) CVE-2015-2187
  • wnpa-sec-2015-07 - The WCP dissector could crash. (Bug 10844) CVE-2015-2188
  • wnpa-sec-2015-08 - The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
  • wnpa-sec-2015-09 - The LLDP dissector could crash. (Bug 10983) CVE-2015-2190
  • wnpa-sec-2015-10 - The TNEF dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11023) CVE-2015-2191
  • wnpa-sec-2015-11 - The SCSI OSD dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11024) CVE-2015-2192
  • The following bugs have been fixed:
  • RTP player crashes on decode of long call: BadAlloc (insufficient resources for operation). (Bug 2630)
  • "Telephony→SCTP→Analyse This Association" crashes Wireshark on manufactured SCTP packet. (Bug 9849)
  • IPv6 Mobility Header Link Layer Address is parsed incorrectly. (Bug 10006)
  • DNS NXT RR is parsed incorrectly. (Bug 10615)
  • IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
  • IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
  • HTTP chunked response includes data beyond the chunked response. (Bug 10707)
  • DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. (Bug 10784)
  • Incorrect decoding of IPv4 Interface/Neighbor Address sub-TLVs in Extended IS Reachability TLV of IS-IS. (Bug 10837)
  • Little-endian OS X Bluetooth PacketLogger files aren’t handled. (Bug 10861)
  • X.509 certificate serial number incorrectly interpreted as negative number. (Bug 10862)
  • Malformed Packet on rsync-version with length 2. (Bug 10863)
  • ZigBee epoch time is incorrectly displayed in OTA cluster. (Bug 10872)
  • BGP EVPN - Route Type 4 - "Invalid length of IP Address" - "Expert Info" shows a false error. (Bug 10873)
  • Bad bytes read for extended rnc id value in GTP dissector. (Bug 10877)
  • "ServiceChangeReasonStr" messages are not shown in txt generated by tshark. (Bug 10879)
  • Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. (Bug 10897)
  • MEGACO wrong decoding on media port. (Bug 10898)
  • Wrong media format. (Bug 10899)
  • BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). (Bug 10903)
  • DNS LOC Precision missing units. (Bug 10940)
  • Packets on OpenBSD loopback decoded as raw not null. (Bug 10956)
  • Display Filter Macro unable to edit. (Bug 10957)
  • IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. (Bug 10961)
  • SNTP server list improperly formatted in DHCPv6 packet details. (Bug 10964)
  • Juniper Packet Mirror dissector expects ipv6 flow label = 0. (Bug 10976)
  • NS Trace (NetScaler Trace) file format is not able to export specified packets. (Bug 10998)
  • Updated Protocol Support:
  • ACN, ANSI IS-637-A, AppleMIDI, ATN-CPDLC, BGP, BSSGP, CMIP, DHCP, DHCPv6, DIS, DLM3, DMP, DNS, Extreme Networks, ForCES, FTAM, GMHDR, GSM A BSSMAP, GSM A-bis OML, GSM MAP, GSM RLC MAC, GTP, H.248, H.264, HTTP, IEEE 802.11, IPv6, IS-IS, ISMACryp, J1939, Juniper Jmirror, KDP, L2CAP, LDAP, LLDP, MGCP, MIP6, NBNS, NET/ROM, Netflow, Novell PKIS, PANA, PPPoE, RSL, RSYNC, RTMPT, RTP, SCSI OSD, SDP, SMB Pipe, SMPP, SYNCHROPHASOR, TETRA, TiVoConnect, TNEF, USB HID, V.52, VSS-Monitoring, X.509AF, Zebra, and ZigBee
  • New and Updated Capture File Support:
  • NetScaler, PacketLogger, and Pcapng

New in version 1.99.2 (February 5th, 2015)

  • Qt port:
  • The welcome screen layout has been updated.
  • The Preferences dialog no longer crashes on Windows.
  • The packet list header menu has been added.
  • Statistics tree plugins are now supported.
  • The window icon is now displayed properly in the Windows taskbar.
  • A packet list an byte view selection bug has been fixed ([1]Bug 10896)
  • The RTP Streams dialog has been added.
  • The Protocol Hierarchy Statistics dialog has been added.

New in version 1.12.3 (January 8th, 2015)

  • Bug Fixes:
  • wnpa-sec-2015-01 - The WCCP dissector could crash. (Bug 10720, Bug 10806) CVE-2015-0559, CVE-2015-0560
  • wnpa-sec-2015-02 - The LPP dissector could crash. (Bug 10773) CVE-2015-0561
  • wnpa-sec-2015-03 - The DEC DNA Routing Protocol dissector could crash. (Bug 10724) CVE-2015-0562
  • wnpa-sec-2015-04 - The SMTP dissector could crash. (Bug 10823) CVE-2015-0563
  • wnpa-sec-2015-05 - Wireshark could crash while decypting TLS/SSL sessions. Discovered by Noam Rathaus. CVE-2015-0564
  • The following bugs have been fixed:
  • WebSocket dissector: empty payload causes DISSECTOR_ASSERT_NOT_REACHED. (Bug 9332)
  • Wireshark crashes if Lua heuristic dissector returns true. (Bug 10233)
  • Display MEP ID in decimal in OAM Y.1731 Synthetic Loss Message and Reply PDU. (Bug 10500)
  • TCP Window Size incorrectly reported in Packet List. (Bug 10514)
  • Status bar "creeps" to the left a few pixels every time Wireshark is opened. (Bug 10518)
  • E-LMI Message type. (Bug 10531)
  • SMTP decoder can dump binary data to terminal in TShark. (Bug 10536)
  • PTPoE dissector gets confused by packets that include an FCS. (Bug 10611)
  • IPv6 Vendor Specific Mobility Option includes the next mobility option type. (Bug 10618)
  • Save PCAP to PCAPng with commentary fails. (Bug 10656)
  • Display filter "frame contains bytes [2342]" causes a crash. (Bug 10690)
  • Multipath TCP: checksum displayed when it’s not there. (Bug 10692)
  • LTE APN-AMBR is decoded incorrectly. (Bug 10699)
  • DNS NAPTR RR Replacement Length is incorrect. (Bug 10700)
  • IPv6 Experimental mobility header data is interpreted as options. (Bug 10703)
  • Dissector bug, protocol SPDY: tvbuff.c:610: failed assertion "tvb && tvb→initialized". (Bug 10704)
  • BGP: Incorrect decoding AS numbers when mixed AS size. (Bug 10742)
  • BGP update community - incorrect decoding. (Bug 10746)
  • Setting a 6LoWPAN context generates a Wireshark crash. (Bug 10747)
  • FC is not dissected (protocol UNKNOWN). (Bug 10751)
  • Crash when displaying several times INFO column. (Bug 10755)
  • Decoding of longitude value in LCSAP (3GPP TS 29.171) is incorrect. (Bug 10767)
  • Crash when enabling FCoIB manual settings without filling address field. (Bug 10796)
  • RSVP RECORD_ROUTE IPv4 Subobject Flags field incorrect decoding. (Bug 10799)
  • Wireshark Lua engine can’t access protocol field type. (Bug 10801)
  • Field Analysis of OpenFlow v1.4 OFPT_SET_ASYNC. (Bug 10808)
  • Lua: getting fieldinfo.value for FT_NONE causes assert. (Bug 10815)
  • Updated Protocol Support:
  • 6LoWPAN, ADwin, AllJoyn, Art-Net, Asterix, BGP, Bitcoin, Bluetooth OBEX, Bluetooth SDP, CFM, CIP, DCERPC PN-IO, DCERPC SPOOLSS, DEC DNA, DECT, DHCPv6, DNS, DTN, E-LMI, ENIP, Ethernet, Extreme, FCoIB, Fibre Channel, GED125, GTP, H.248, H.264, HiSLIP, IDRP, IEEE 802.11, IEEE P1722.1, Infiniband, IrDA, iSCSI, ISUP, LBMR, LCSAP, LPP, MAC LTE, MAUSB, MBIM, MIM, MIP, MIPv6, MP2T, MPEG-1, NAS EPS, NAT-PMP, NCP, NXP PN532, OpcUa, OpenFlow, PTP, RDM, RPKI-RTR, RSVP, RTnet, RTSP, SCTP, SMPP, SMTP, SPDY, Spice, TCP, WCCP, Wi-Fi P2P, and WiMAX
  • New and Updated Capture File Support:
  • K12

New in version 1.12.2 (November 13th, 2014)

  • Bug Fixes:
  • The following vulnerabilities have been fixed. wnpa-sec-2014-20
  • SigComp UDVM buffer overflow. (Bug 10662) CVE-2014-8710 wnpa-sec-2014-21
  • AMQP crash. (Bug 10582) CVE-2014-8711 wnpa-sec-2014-22
  • NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712 CVE-2014-8713 wnpa-sec-2014-23
  • TN5250 infinite loops. (Bug 10596) CVE-2014-8714
  • The following bugs have been fixed:
  • Wireshark determine packets of MMS protocol as a packets of T.125 protocol. (Bug 10350)
  • 6LoWPAN Mesh headers not treated as encapsulating address. (Bug 10462)
  • UCP dissector bug of operation 31 - PID 0639 not recognized. (Bug 10463)
  • iSCSI dissector rejects PDUs with "expected data transfer length" > 16M. (Bug 10469)
  • GTPv2: trigging_tree under Trace information has wrong length. (Bug 10470)
  • openflow_v1 OFPT_FEATURES_REPLY parsed incorrectly. (Bug 10493)
  • Capture files from a remote virtual interface on MacOS X 10.9.5 aren’t dissected correctly. (Bug 10502)
  • Problem specifying protocol name for filtering. (Bug 10509)
  • LLDP TIA Network Policy Unknown Policy Flag Decode is not correct. (Bug 10512)
  • Decryption of DCERPC with Kerberos encryption fails. (Bug 10538)
  • Dissection of DECRPC NT sid28 shouldn’t show expert info if tree is null. (Bug 10542)
  • Attempt to render an SMS-DELIVER-REPORT instead of an SMS-DELIVER. (Bug 10547)
  • IPv6 Calipso option length is not used properly. (Bug 10561)
  • The SPDY dissector couldn’t dissecting packet correctly. (Bug 10566)
  • IPv6 QuickStart option Nonce is read incorrectly. (Bug 10575)
  • IPv6 Mobility Option IPv6 Address/Prefix marks too many bytes for the address/prefix field. (Bug 10576)
  • IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authenticator field is read beyond the option data. (Bug 10577)
  • IPv6 Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data. (Bug 10578)
  • Wrong offset for hf_mq_id_icf1 in packet-mq.c. (Bug 10597)
  • Malformed PTPoE announce packet. (Bug 10611)
  • IPv6 Permanent Home Keygen Token mobility option includes too many bytes for the token field. (Bug 10619)
  • IPv6 Redirect Mobility Option K and N bits are parsed incorrectly. (Bug 10622)
  • IPv6 Care Of Test mobility option includes too many bytes for the Keygen Token field. (Bug 10624)
  • IPv6 MESG-ID mobility option is parsed incorrectly. (Bug 10625)
  • IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
  • IPv6 DNS-UPDATE-TYPE mobility option includes too many bytes for the MD identity field. (Bug 10629)
  • IPv6 Local Mobility Anchor Address mobility option’s code and reserved fields are parsed as 2 bytes instead of 1. (Bug 10630)
  • WCCP v.2.01 extended assignment data element parsed wrong. (Bug 10641)
  • DNS ISDN RR Sub Address field is read one byte early. (Bug 10650)
  • TShark crashes when running with PDML on a specific packet. (Bug 10651)
  • DNS A6 Address Suffix field is parsed incorrectly. (Bug 10652)
  • DNS response time: calculation incorrect. (Bug 10657)
  • SMPP does not display properly the hour field in the Submit_sm Validity Period field. (Bug 10672)
  • DNS Name Length for Zone RR on root is 6 and Label Count is 1. (Bug 10674)
  • DNS WKS RR Protocol field is read as 4 bytes instead of 1. (Bug 10675)
  • IPv6 Mobility Option Context Request reads an extra request. (Bug 10676)
  • The Windows installers no longer include previews of Wireshark 2. If you want to try the new user interface, please download a development (1.99) installer.
  • Updated Protocol Support:
  • 6LoWPAN, AMQP, ANSI IS-637-A, Bluetooth HCI, CoAP, DCERPC (all), DCERPC NT, DNS, GSM MAP, GTPv2, H.223, HPSW, HTTP2, IEEE 802.11, IPv6, iSCSI, Kerberos, LBT-RM, LLDP, MIH, Mobile IPv6, MQ, NCP, OpcUa, OpenFlow, PKTAP, PTPoE, SigComp, SMB2, SMPP, SPDY, Stanag 4607, T.125, UCP, USB CCID, and WCCP
  • New and Updated Capture File Support:
  • Catapult DCT2000, HP-UX nettl, Ixia IxVeriWave, pcap, pcap-ng, RADCOM, and Sniffer (DOS)

New in version 1.12.1 (September 17th, 2014)

  • The following vulnerabilities have been fixed:
  • wnpa-sec-2014-13
  • MEGACO dissector infinite loop. (Bug 10333) CVE-2014-6423
  • wnpa-sec-2014-14
  • Netflow dissector crash. (Bug 10370) CVE-2014-6424
  • wnpa-sec-2014-15
  • CUPS dissector crash. (Bug 10353) CVE-2014-6425
  • wnpa-sec-2014-16
  • HIP dissector infinite loop. CVE-2014-6426
  • wnpa-sec-2014-17
  • RTSP dissector crash. (Bug 10381) CVE-2014-6427
  • wnpa-sec-2014-18
  • SES dissector crash. (Bug 10454) CVE-2014-6428
  • wnpa-sec-2014-19
  • Sniffer file parser crash. (Bug 10461) CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432
  • The following bugs have been fixed:
  • Wireshark can crash during remote capture (rpcap) configuration. (Bug 3554, Bug 6922, ws-buglink:7021)
  • 802.11 capture does not decrypt/decode DHCP response. (Bug 8734)
  • Extra quotes around date fields (FT_ABSOLUTE_TIME) when using -E quote=d or s. (Bug 10213)
  • No progress line in "VOIP RTP Player". (Bug 10307)
  • MIPv6 Service Selection Identifier parse error. (Bug 10323)
  • Probably wrong length check in proto_item_set_end. (Bug 10329)
  • 802.11 BA sequence number decode is broken. (Bug 10334)
  • wmem_alloc_array() "succeeds" (and clobbers memory) when requested to allocate 0xaaaaaaaa items of size 12. (Bug 10343)
  • Different dissection results for same file. (Bug 10348)
  • Mergecap wildcard breaks in version 1.12.0. (Bug 10354)
  • Diameter TCP reassemble. (Bug 10362)
  • TRILL NLPID 0xc0 unknown to Wireshark. (Bug 10382)
  • BTLE advertising header flags (RxAdd/TxAdd) dissected incorrectly. (Bug 10384)
  • Ethernet OAM (CFM) frames including TLV’s are wrongly decoded as malformed. (Bug 10385)
  • BGP4: Wireshark skipped some potion of AS_PATH. (Bug 10399)
  • MAC address name resolution is broken. (Bug 10344)
  • Wrong decoding of RPKI RTR End of Data PDU. (Bug 10411)
  • SSL/TLS dissector incorrectly interprets length for status_request_v2 hello extension. (Bug 10416)
  • Misparsed NTP control assignments with empty values. (Bug 10417)
  • 6LoWPAN multicast address decompression problems. (Bug 10426)
  • Netflow v9 flowset not decoded if options template has zero-length scope section. (Bug 10432)
  • GUI Hangs when Selecting Path to GeoIP Files. (Bug 10434)
  • AX.25 dissector prints unprintable characters. (Bug 10439)
  • 6LoWPAN context handling not working. (Bug 10443)
  • SIP: When export to a CSV, Info is changed to differ. (Bug 10453)
  • Typo in packet-netflow.c. (Bug 10458)
  • Incorrect MPEG-TS decoding (OPCR field). (Bug 10446)
  • Updated Protocol Support:
  • 6LoWPAN, A21, ACR122, Art-Net, AX.25, BGP, BTLE, CAPWAP, DIAMETER, DICOM, DVB-CI, Ethernet OAM, HIP, HiSLIP, HTTP2, IEEE 802.11, MAUSB, MEGACO, MIPv6, MP2T, Netflow, NTP, openSAFETY, OSI, RDM, RPKI RTR, RTSP, SES, SIP, TLS, and Token Ring MAC
  • New and Updated Capture File Support:
  • DOS Sniffer, and NetScaler

New in version 1.12.0 (August 1st, 2014)

  • Bug Fixes:
  • "On-the-wire" packet lengths are limited to 65535 bytes. (Bug 8808, Bug 9390)
  • "Follow TCP Stream" shows only the first HTTP request and response. (Bug 9044)
  • Files with pcap-ng Simple Packet Blocks can’t be read. (Bug 9200)
  • MPLS-over-PPP isn’t recognized. (Bug 9492)
  • New and Updated Features:
  • The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
  • Expert information is now filterable when the new API is in use.
  • The "Number" column shows related packets and protocol conversation spans (Qt only).
  • When manipulating packets with editcap using the -C and/or -s options, it is now possible to also adjust the original frame length using the -L option.
  • You can now pass the -C option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
  • You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
  • "malformed" display filter has been renamed to "_ws.malformed". A handful of other filters have been given the "_ws." prefix to note they are Wireshark application specific filters and not dissector filters.
  • The Kerberos dissector has been replaced with an auto generated one from ASN1 protocol description, changing a lot of filter names.
  • Additionally the Windows installers have an extra component: a preview of the upcoming user interface for Wireshark 2.0.
  • Transport name resolution is now disabled by default.
  • Support has been added for all versions of the DCBx protocol.
  • Cleanup of LLDP code, all dissected fields are now navigable.
  • Qt port:
  • The About dialog has been added
  • The Capture Interfaces dialog has been added.
  • The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
  • The Export PDU dialog has been added.
  • Several SCTP dialogs have been added.
  • The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
  • The I/O Graph dialog has been added.
  • French translation has updated.
  • Mac OS X packaging has been improved.
  • Dissector output may be encoded as UTF-8. This includes TShark output.
  • Qt port:
  • The Follow Stream dialog now supports packet and TCP stream selection.
  • A Flow Graph (sequence diagram) dialog has been added.
  • The main window now respects geometry preferences.
  • Removed Dissectors:
  • The ASN1 plugin has been removed as it’s deemed obsolete.
  • The GNM dissector has been removed as it was never used.
  • The Kerberos hand made dissector has been replaced by one generated from ASN1 code.
  • Platform Support:
  • Support for Windows XP has been deprecated. We will make an effort to support it for as long as possible but our ability to do so depends on upstream packages and other factors beyond our control.
  • U3 packages are no longer supported or provided.
  • This is the last major release that will support 32-bit versions of Mac OS X.
  • New Protocol Support:
  • 29West, 802.1AE Secure tag, A21, ACR122, ADB Client-Server, AllJoyn, Apple PKTAP, Aruba Instant AP, ASTERIX, ATN, Bencode, Bluetooth 3DS, Bluetooth HSP, Bluetooth Linux Monitor Transport, Bluetooth Low Energy, Bluetooth Low Energy RF Info, CARP, CFDP, Cisco MetaData, DCE/RPC MDSSVC, DeviceNet, ELF file format, Ethernet Local Management Interface (E-LMI), Ethernet Passive Optical Network (EPON), EXPORTED PDU, FINGER, HDMI, High-Speed LAN Instrument Protocol (HiSLIP), HTTP2, IDRP, IEEE 1722a, ILP, iWARP Direct Data Placement and Remote Direct Memory Access Protocol, Kafka, Kyoto Tycoon, Landis & Gyr Telegyr 8979, LBM, LBMC, LBMPDM, LBMPDM-TCP, LBMR, LBT-RM, LBT-RU, LBT-TCP, Lightweight Mesh (v1.1.1), Link16, Linux netlink, Linux netlink netfilter, Linux netlink sock diag, Linux rtnetlink (route netlink), Logcat, MBIM, Media Agnostic USB (MA USB), MiNT, MP4 / ISOBMFF file format, MQ Telemetry Transport Protocol, MS NLB (Rewrite), Novell PKIS certificate extensions, NXP PN532 HCI, Open Sound Control, OpenFlow, Pathport, PDC, Picture Transfer Protocol Over IP, PKTAP, Private Data Channel, QUIC (Quick UDP Internet Connections), SAE J1939, SEL RTAC (Real Time Automation Controller) EIA-232 Serial-Line Dissection, Sippy RTPproxy, SMB-Direct, SPDY, STANAG 4607, STANAG 5066 DTS, STANAG 5066 SIS, Tinkerforge, Ubertooth, UDT, URL Encoded Form Data, USB Communications and CDC Control, USB Device Firmware Upgrade, VP8, WHOIS, Wi-Fi Display, and ZigBee Green Power profile
  • Updated Protocol Support
  • New and Updated Capture File Support:
  • Netscaler 2.6, STANAG 4607, and STANAG 5066 Data Transfer Sublayer
  • Major API Changes
  • The libwireshark API has undergone some major changes:
  • A more flexible, modular memory manager (wmem) has been added. It was available experimentally in 1.10 but is now mature and has mostly replaced the old emem API (which is deprecated).
  • A new API for expert information has been added, replacing the old one.
  • The tvbuff API has been cleaned up: tvb_length has been renamed to tvb_captured_length for clarity, and tvb_get_string and tvb_get_stringz have been deprecated in favour of tvb_get_string_enc and tvb_get_stringz_enc.
  • dissector_try_heuristic() signature has been changed to return heur_dtbl_entry_t to make it possible to save it and use it in subsequent calls to avoid the overhead of going trough the heuristics list.

New in version 1.10.8 (June 13th, 2014)

  • The following vulnerabilities have been fixed:
  • wnpa-sec-2014-07 - The frame metadissector could crash. (Bug 9999, Bug 10030). Versions affected: 1.10.0 to 1.10.7 - CVE-2014-4020
  • The following bugs have been fixed:
  • VoIP flow graph crash upon opening. (Bug 9179)
  • Tshark with "-F pcap" still generates a pcapng file. (Bug 9991)
  • IPv6 Next Header 0x3d recognized as SHIM6. (Bug 9995)
  • Failed to export pdml on large pcap. (Bug 10081)
  • TCAP: set a fence on info column after calling sub dissector (Bug 10091)
  • Dissector bug in JSON protocol. (Bug 10115)
  • GSM RLC MAC: do not skip too many lines of the CSN_DESCR when the field is missing (Bug 10120)
  • Wireshark PEEKREMOTE incorrectly decoding QoS data packets from Cisco Sniffer APs. (Bug 10139)
  • IEEE 802.11: fix dissection of HT Capabilities (Bug 10166)
  • Updated Protocol Support:
  • CIP, EtherNet/IP, GSM RLC MAC, IEEE 802.11, IPv6, and TCAP
  • New and Updated Capture File Support:
  • pcap-ng, and PEEKREMOTE

New in version 1.10.7 (April 23rd, 2014)

  • Bug Fixes:
  • The following vulnerabilities have been fixed.
  • wnpa-sec-2014-06
  • The RTP dissector could crash. (Bug 9885)
  • Versions affected: 1.10.0 to 1.10.6
  • CVE-2014-2907
  • The following bugs have been fixed:
  • RTP not decoded inside the conversation in v.1.10.1 (Bug 9021)
  • SIP/SDP: disabled second media stream disables all media streams (Bug 9835)
  • Lua: trying to get/access a Preference before its registered causes a segfault (Bug 9853)
  • Some value_string strings contain newlines. (Bug 9878)
  • Tighten the NO_MORE_DATA_CHECK macros (Bug 9932)
  • Fix crash when calling "MAP Summary" dialog when no file is open (Bug 9934)
  • Fix comparing a sequence number of TCP fragment when its value wraps over uint32_t limit (Bug 9936)
  • Updated Protocol Support:
  • ANSI A, DVB-CI, GSM DTAP, GSM MAP, IEEE 802.11, LCSAP, LTE RRC, MAC LTE, Prism, RTP, SDP, SIP, and TCP

New in version 1.10.6 (March 8th, 2014)

  • Bug Fixes:
  • The following vulnerabilities have been fixed:
  • wnpa-sec-2014-01. The NFS dissector could crash. Discovered by Moshe Kaplan. (Bug 9672). Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 - CVE-2014-2281
  • wnpa-sec-2014-02. The M3UA dissector could crash. Discovered by Laurent Butti. (Bug 9699). Versions affected: 1.10.0 to 1.10.5 - CVE-2014-2282
  • wnpa-sec-2014-03. The RLC dissector could crash. (Bug 9730). Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 - CVE-2014-2283
  • wnpa-sec-2014-04. The MPEG file parser could overflow a buffer. Discovered by Wesley Neelen. (Bug 9843). Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 - CVE-2014-2299
  • The following bugs have been fixed:
  • Customized OUI is not recognized correctly during dissection. (Bug 9122)
  • Properly decode CAPWAP Data Keep-Alives. (Bug 9165)
  • Build failure with GTK 3.10 - GTK developers have gone insane. (Bug 9340)
  • SIGSEGV/SIGABRT during free of TvbRange using a chained dissector in lua. (Bug 9483)
  • MPLS dissector no longer registers itself in "ppp.protocol" table. (Bug 9492)
  • Tshark doesn’t display the longer data fields (mbtcp). (Bug 9572)
  • DMX-CHAN disector does not clear strbuf between rows. (Bug 9598)
  • Dissector bug, protocol SDP: proto.c:4214: failed assertion "length >= 0". (Bug 9633)
  • False error: capture file appears to be damaged or corrupt. (Bug 9634)
  • SMPP field source_telematics_id field length different from spec. (Bug 9649)
  • Lua: bitop library is missing in Lua 5.2. (Bug 9720)
  • GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct. (Bug 9722)
  • Lua: ProtoField.new() is buggy. (Bug 9725)
  • Lua: ProtoField.bool() VALUESTRING argument is not optional but was supposed to be. (Bug 9728)
  • Problem with CAPWAP Wireshark Dissector. (Bug 9752)
  • nas-eps dissector: CS Service notification dissection stops after Paging identity IE. (Bug 9789)
  • New and Updated Features:
  • IPv4 checksum verfification is now disabled by default.
  • Updated Protocol Support:
  • AppleTalk, CAPWAP, DMX-CHAN, DSI, DVB-CI, ESS, GTPv1, IEEE 802a, M3UA, Modbus/TCP, NAS-EPS, NFS, OpenSafety, SDP, and SMPP
  • New and Updated Capture File Support:
  • libpcap, MPEG, and pcap-ng

New in version 1.10.5 (December 20th, 2013)

  • Wireshark stops showing new packets but dumpcap keeps writing them to the temp file. (Bug 9571)
  • Wireshark 1.10.4 shuts down when promiscuous mode is unchecked. (Bug 9577)
  • Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address. (Bug 9578)

New in version 1.10.4 (December 18th, 2013)

  • Bug Fixes:
  • The following vulnerabilities have been fixed.
  • wnpa-sec-2013-66
  • The SIP dissector could go into an infinite loop. Discovered by Alain Botti. (Bug 9388)
  • Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
  • CVE-2013-7112
  • wnpa-sec-2013-67
  • The BSSGP dissector could crash. Discovered by Laurent Butti. (Bug 9488)
  • Versions affected: 1.10.0 to 1.10.3
  • CVE-2013-7113
  • wnpa-sec-2013-68
  • The NTLMSSP v2 dissector could crash. Discovered by Garming Sam.
  • Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
  • CVE-2013-7114
  • The following bugs have been fixed:
  • "On-the-wire" packet lengths are limited to 65535 bytes. (Bug 8808, ws-buglink:9390)
  • Tx MCS set is not interpreted properly in WLAN beacon frame. (Bug 8894)
  • VoIP Graph Analysis window - some calls are black. (Bug 8966)
  • Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031)
  • epan/follow.c - Incorrect "bytes missing in capture file" in "check_fragments" due to an unsigned int wraparound?. (Bug 9112)
  • gsm_map doesn’t decode MAPv3 reportSM-DeliveryStatus result. (Bug 9382)
  • Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383)
  • Timestamp decoded for Gigamon trailer is not padded correctly. (Bug 9433)
  • SEL Fast Message Bug-fix for Signed 16-bit Integer Fast Meter Messages. (Bug 9435)
  • DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug 9442)
  • GSM SMS User Data header fill bits are wrong when using a 7 bits ASCII / IA5 encoding. (Bug 9478)
  • WCDMA RLC dissector cannot assemble PDUs with SNs skipped and wrap-arounded. (Bug 9505)
  • DTLS: fix buffer overflow in mac check. (Bug 9512)
  • [PATCH] Correct data length in SCSI_DATA_IN packets (within iSCSI). (Bug 9521)
  • GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th. (Bug 9550)
  • Fix "decode as …" for packet-time.c. (Bug 9563)
  • New and Updated Features:
  • There are no new features in this release.
  • New Protocol Support:
  • There are no new protocols in this release.
  • Updated Protocol Support:
  • ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS, IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time
  • New and Updated Capture File Support:
  • and Pcap-ng.

New in version 1.11.2 (November 20th, 2013)

  • Bug Fixes:
  • The following bugs have been fixed:
  • "On-the-wire" packet lengths are limited to 65535 bytes.
  • "Follow TCP Stream" shows only the first HTTP req+res.
  • Files with pcap-ng Simple Packet Blocks can't be read.
  • New and Updated Features:
  • Qt port:
  • The Follow Stream dialog now supports packet and TCP stream selection.
  • A Flow Graph (sequence diagram) dialog has been added.
  • The main window now respects geometry preferences.
  • New Protocol Support:
  • 802.1AE Secure tag, ASTERIX, ATN, BT 3DS, CARP, Cisco MetaData, ELF file format, EXPORTED PDU, FINGER, HTTP2, IDRP, ILP, Kafka, Kyoto Tycoon binary protocol, MBIM, MiNT, MP4 / ISOBMFF file format, NXP PN532 HCI, OpenFlow, Picture Transfer Protocol Over IP, QUIC (Quick UDP Internet Connections), SEL RTAC (Real Time Automation Controller) EIA-232 Serial-Line Dissection, Sippy RTPproxy, STANAG 4607, STANAG 5066 SIS, Tinkerforge, UDT, URL Encoded Form Data, WHOIS, and Wi-Fi Display
  • Updated Protocol Support:
  • Too many protocols have been updated to list here.
  • New and Updated Capture File Support
  • Netscaler 2.6, and STANAG 4607

New in version 1.10.3 (November 1st, 2013)

  • The following vulnerabilities have been fixed:
  • The IEEE 802.15.4 dissector could crash. (Bug 9139)
  • The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9168)
  • The SIP dissector could crash. (Bug 9228)
  • The OpenWire dissector could go into a large loop. Discovered by Murali. (Bug 9248)
  • The TCP dissector could crash. (Bug 9263)
  • The following bugs have been fixed:
  • new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (Bug 5349)
  • TLS decryption fails with XMPP start_tls. (Bug 8871)
  • Wrong Interpretation of GTS starting slot. (Bug 8946)
  • "Follow TCP Stream" shows only the first HTTP req+res. (Bug 9044)
  • The value of SEND_TO_UE in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126)
  • Crash then try to delete the same entry (length range) twice. (Bug 9129)
  • Crash if wrong "packet lengths range" entered. (Bug 9130)
  • Bssgp ⇒ SGSN-INVOKE-TRACE use the wrong function… (Bug 9157)
  • Minor correction to dissection of DLR frames in Ethernet/IP dissector. (Bug 9186)
  • WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198)
  • EDNS0 "Higher bits in extended RCODE" incorrectly decoded in packet-dns.c. (Bug 9199)
  • Files with pcap-ng Simple Packet Blocks can’t be read. (Bug 9200)
  • Bug in RTP dissector if RTP extension is present. (Bug 9204)
  • Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request. (Bug 9206)
  • "make debian-package" fails, missing wsicon32.xpm. (Bug 9209)
  • Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218)
  • Ring buffer crash when tshark gets too far behind dumpcap. (Bug 9258)
  • PTP Dissector Wrongfully Reports Malformed Packet. (Bug 9262)
  • Wireshark lua dissector unable to load for media_type=application/octet-stream. (Bug 9296)
  • Wireshark crash when dissecting packet with NTLMSSP. (Bug 9299)
  • Padding in uint64 field in DCERPC protocol wrongly reported. (Bug 9300)
  • DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (Bug 9301)
  • Multiple PDUs in the same DCERPC packet are not correctly decrypted. (Bug 9302)
  • The tshark summary line doesn’t display the frame number or displays it sporadically. (Bug 9317)
  • Bluetooth: SDP improvements and minor fixes. (Bug 9327)
  • Duplicate IRC header field abbreviation breaks filter (example: irc.response.command). (Bug 9360)
  • Updated Protocol Support:
  • 3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT, DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP, WiMax, and XMPP

New in version 1.10.2 (September 11th, 2013)

  • The following vulnerabilities have been fixed:
  • wnpa-sec-2013-54
  • The Bluetooth HCI ACL dissector could crash. Discovered by Laurent Butti. (Bug 8827)
  • Versions affected: 1.10.0 to 1.10.1
  • wnpa-sec-2013-55
  • The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9005)
  • Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
  • wnpa-sec-2013-56
  • The ASSA R3 dissector could go into an infinite loop. Discovered by Ben Schmidt. (Bug 9020)
  • Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
  • wnpa-sec-2013-57
  • The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt. (Bug 9019)
  • Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
  • wnpa-sec-2013-58
  • The MQ dissector could crash. (Bug 9079)
  • Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
  • wnpa-sec-2013-59
  • The LDAP dissector could crash. Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
  • wnpa-sec-2013-60
  • The Netmon file parser could crash. Discovered by G. Geshev. (Bug 8742)
  • Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
  • The following bugs have been fixed:
  • Lua ByteArray:append() causes wireshark crash. (Bug 4461)
  • Lua script can not get "data-text-lines" protocol data. (Bug 5200)
  • Lua: Trying to use Field.new("tcp.segments") to get reassembled TCP data is failed. (Bug 5201)
  • "Edit Interface Settings": "Capture Filter" combo box is not populated across Wireshark sessions. (Bug 7278)
  • PER normally small non-negative whole number decoding is wrong when >= 64. (Bug 8841)
  • Strange behavior of tree expand/collapse in packet details. (Bug 8908)
  • Incorrect parsing of IPFIX *IpTotalLength elements. (Bug 8918)
  • IO graph/advanced, max/min/summ error on frames with multiple Diameter messages. (Bug 8980)
  • pod2man error on reordercap.pod. (Bug 8982)
  • SGI Nsym disambiguation is unconditionally displayed when dissecting VHT. (Bug 8989)
  • The Wireshark icon doesn’t show up in OS X 10.5. (Bug 8993)
  • Build fails if system Python is version 3+. (Bug 8995)
  • SCSI dissector does not parse PERSISTENT RESERVE commands correctly. (Bug 9012)
  • SDP messages throws an assert. (Bug 9022)
  • Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031)
  • PN_MRP LinkUp Message is shown as LinkDown in info. (Bug 9035)
  • Dissector for EtherCAT: ADS highlighting in the Packet Bytes Pane is incorrect. (Bug 9036)
  • 802.11 HT Extended Capabilities B10 decode incorrect. (Bug 9038)
  • Wrong dissection of MSTI Root Identifiers for all MSTIs. (Bug 9088)
  • Weird malformed HTTP error. (Bug 9101)
  • Warning for attempting to install 64-bit Wireshark on a 32-bit machine has an embedded "\n". (Bug 9103)
  • Wireshark crashes when using "Export Specified Packets" > "Displayed". (Bug 9106)
  • Updated Protocol Support:
  • ASN.1 PER, ASSA R3, Bluetooth HCI ACL, EtherCAT AMS, GTPv2, HTTP, IEEE 802.11, IPFIX, ISDN SUP, LDAP, MQ, NBAP, Novell SSS, PROFINET MRP, Radiotap, ROHC, RTPS, SCSI, SIP, and STP
  • New and Updated Capture File Support:
  • and Microsoft Network Monitor, pcap-ng.

New in version 1.10.1 (July 27th, 2013)

  • Bugs fixed:
  • Mark retransmitted SYN and FIN packets as retransmissions.
  • Wireshark hides under Taskbar. (Bug 3034)
  • IEEE 802.15.4 frame check sequence in "Chipcon mode" not displayed correctly. (Bug 4507)
  • Mask in Lua ProtoField.uint32() does not work as expected. (Bug 5734)
  • Crash when applying filter with Voip calls. (Bug 6090)
  • Delta time regressions to tshark introduced with SVN 45071. (Bug 8160)
  • Add MAC-DATA support to TETRA dissector and other minor improvements. (Bug 8708)
  • Crash analyzing VoIP Calls (T38). (Bug 8736)
  • Wireshark writes empty NRB FQDN which makes trace unloadable. (Bug 8763)
  • Quick launch icon is absent, so it shows up as a generic icon. (Bug 8773)
  • Wrong encoding for 2 pod files, UTF-8 characters in another. (Bug 8774)
  • SCSI (SPC) sense key specific information field must not include SKSV. (Bug 8782)
  • Wireshark crashes when closing Flow Graph with Graph Analysis opened. (Bug 8793)
  • Wrong size of LLRP ProtocolID Parameter in Accessspec Parameter. (Bug 8809)
  • Detection of IPv6 works only on Solaris 8. (Bug 8813)
  • ip.opt.type triggers for TCP NOP option. (Bug 8823)
  • DCOM-SYSACT dissector crash. (Bug 8828)
  • Incorrect decoding of MPLS Echo Request with BGP FEC. (Bug 8835)
  • Buggy IEC104 dissector caused by commit r48958. (Bug 8849)
  • ansi_637_tele dissector displays MSB as MBS for Call-Back Number. (Bug 8851)
  • LISP Map-Notify flags I and R shown incorrectly. (Bug 8852)
  • ONTAP_V4 fhandle decoding leads to dissector bug. (Bug 8853)
  • Dropped bytes in imap dissector. (Bug 8857)
  • Kismet drone/server dissector improvements. (Bug 8864)
  • TShark iostat_draw sizeof mismatch. (Bug 8888)
  • SCTP bytes graph crash. (Bug 8889)
  • Patch to Wireshark/tshark usage info and man pages to document all timestamp (-t) options. (Bug 8906)
  • Strange behavior of tree expand/collapse in packet details. (Bug 8908)
  • Graph Filter field limited to 256 characters. (Bug 8909)
  • Filter doesn’t support cflow ASN larger than 65535. (Bug 8959)
  • Wireshark crashes when switching from a v1.11.0 profile to a v1.4.6 prof and then to a v1.5.1 prof. (Bug 8884)
  • SIP stats shows incorrect values for Max/Ave setup times. (Bug 8897)
  • NFSv4 delegation not reported correctly. (Bug 8920)
  • Issue with Capture Options Adapter List. (Bug 8932)
  • RFC 5844 - IPv4 Support for Proxy Mobile IPv6 - Mobility option IPv4 DHCP Support Mode Option malformed packet. (Bug 8957)
  • RFC 3775 - Mobility Support in IPv6 - Mobility option PadN incorrectly highlights + 2 bytes. (Bug 8958)
  • All mongodb query show as [Malformed Packet: MONGO]. (Bug 8960)
  • Updated Protocol Support:
  • ANSI IS-637-A, ASN.1, ASN.1 PER, Bluetooth OBEX, Bluetooth SDB, DCERPC NDR, DCOM ISystemActivator, DCP ETSI, Diameter 3GPP, DIS, DVB-CI, Ethernet, GSM Common, GSM SMS, H.235, IEC104, IEEE 802.15.4, IEEE 802a, IMAP, IP, KDSP, LISP, LLRP, MAC-LTE,, Mobile IPv6, MONGO, MPLS Echo, Netflow, NFS, NFSv4, P1, PDCP-LTE, PN-IO, PN-RT, PPP, Radiotap, RLC,, RLC-LTE,, SCSI, SIP, SMTP, SoulSeek, TCP, TETRA, and VNC
  • New and Updated Capture File Support:
  • and Microsoft Network Monitor, pcap-ng.

New in version 1.10.0 (June 6th, 2013)

  • Bug Fixes:
  • Redirecting the standard output didn’t redirect the output the of -D or -L flags. This fix means that the output of those flags now goes to the standard output, not the standard error, as it did in previous releases. Bug 8609
  • New and Updated Features:
  • Wireshark on 32- and 64-bit Windows supports automatic updates.
  • The packet bytes view is faster.
  • You can now display a list of resolved host names in "hosts" format within Wireshark.
  • The wireless toolbar has been updated.
  • Wireshark on Linux does a better job of detecting interface addition and removal.
  • It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
  • The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
  • USB type and product name support has been improved.
  • All Bluetooth profiles and protocols are now supported.
  • Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
  • The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
  • Capinfos now prints human-readable statistics with SI suffixes by default.
  • It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
  • Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
  • Wireshark can be compiled using GTK+ 3.
  • The Wireshark application icon, capture toolbar icons, and other icons have been updated.
  • Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
  • Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
  • Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
  • Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.
  • The LOAD() metric in the IO-graph now shows the load in IO units instead of thousands of IO units.
  • New Protocol Support:
  • Amateur Radio AX.25, Amateur Radio BPQ, Amateur Radio NET/ROM, America Online (AOL), AR Drone, Automatic Position Reporting System (APRS), AX.25 KISS, AX.25 no Layer 3, Bitcoin Protocol, Bluetooth Attribute Protocol, Bluetooth AVCTP Protocol, Bluetooth AVDTP Protocol, Bluetooth AVRCP Profile, Bluetooth BNEP Protocol, Bluetooth HCI USB Transport, Bluetooth HCRP Profile, Bluetooth HID Profile, Bluetooth MCAP Protocol, Bluetooth SAP Profile, Bluetooth SBC Codec, Bluetooth Security Manager Protocol, Cisco GED-125 Protocol, Clique Reliable Multicast Protocol (CliqueRM), D-Bus, Digital Transmission Content Protection over IP, DVB-S2 Baseband, FlexNet, Forwarding and Control Element Separation Protocol (ForCES), Foundry Discovery Protocol (FDP), Gearman Protocol, GEO-Mobile Radio (1) RACH, HoneyPot Feeds Protocol (HPFEEDS), LTE Positioning Protocol Extensions (LLPe), Media Resource Control Protocol Version 2 (MRCPv2), Media-Independent Handover (MIH), MIDI System Exclusive (SYSEX), Mojito DHT, MPLS-TP Fault-Management, MPLS-TP Lock-Instruct, NASDAQ’s OUCH 4.x, NASDAQ’s SoupBinTCP, OpenVPN Protocol, Pseudo-Wire OAM, RPKI-Router Protocol, SEL Fast Message, Simple Packet Relay Transport (SPRT), Skype, Smart Message Language (SML), SPNEGO Extended Negotiation Security Mechanism (NEGOEX), UHD/USRP, USB Audio, USB Video, v.150.1 State Signaling Event (SSE), VITA 49 Radio Transport, VNTAG, WebRTC Datachannel Protocol (RTCDC), and WiMAX OFDMA PHY SAP
  • 2.4. Updated Protocol Support
  • New and Updated Capture File Support:
  • AIX iptrace, CAM Inspector, Catapult DCT2000, Citrix NetScaler, DBS Etherwatch (VMS), Endace ERF, HP-UX nettl, IBM iSeries, Ixia IxVeriWave, NA Sniffer (DOS), Netscreen, Network Instruments Observer, pcap, pcap-ng, Symbian OS btsnoop, TamoSoft CommView, and Tektronix K12xx

New in version 1.8.7 (May 18th, 2013)

  • Bug Fixes:
  • The following vulnerabilities have been fixed.
  • wnpa-sec-2013-23
  • The RELOAD dissector could go into an infinite loop. Discovered by Evan Jensen. (Bug 8364, (Bug 8546)
  • Versions affected: 1.8.0 to 1.8.6.
  • CVE-2013-2486
  • CVE-2013-2487
  • wnpa-sec-2013-24
  • The GTPv2 dissector could crash. (Bug 8493)
  • Versions affected: 1.8.0 to 1.8.6.
  • wnpa-sec-2013-25
  • The ASN.1 BER dissector could crash. (Bug 8599)
  • Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
  • wnpa-sec-2013-26
  • The PPP CCP dissector could crash. (Bug 8638)
  • Versions affected: 1.8.0 to 1.8.6.
  • wnpa-sec-2013-27
  • The DCP ETSI dissector could crash. Discovered by Evan Jensen. (Bug 8231, bug 8540, bug 8541)
  • Versions affected: 1.8.0 to 1.8.6.
  • wnpa-sec-2013-28
  • The MPEG DSM-CC dissector could crash. (Bug 8481)
  • Versions affected: 1.8.0 to 1.8.6.
  • wnpa-sec-2013-29
  • The Websocket dissector could crash. Discovered by Moshe Kaplan. (Bug 8448, Bug 8499)
  • Versions affected: 1.8.0 to 1.8.6.
  • wnpa-sec-2013-30
  • The MySQL dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8458)
  • Versions affected: 1.8.0 to 1.8.6.
  • wnpa-sec-2013-31
  • The ETCH dissector could go into a large loop. Discovered by Moshe Kaplan. (Bug 8464)
  • Versions affected: 1.8.0 to 1.8.6.
  • The following bugs have been fixed:
  • The Windows installer and uninstaller does a better job of detecting running executables.
  • Library mismatch when compiling on a system with an older Wireshark version. (Bug 6011)
  • SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
  • A console window is never opened. (Bug 7755)
  • GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
  • Fix include and libs search path when cross compiling. (Bug 7926)
  • PER dissector crash. (Bug 8197)
  • pcap-ng: name resolution block is not written to file on save. (Bug 8317)
  • Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
  • Decoding of GSM MAP E164 Digits. (Bug 8450)
  • Silent installer and uninstaller not silent. (Bug 8451)
  • Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools. (Bug 8452)
  • Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x). (Bug 8446)
  • IO Graph should not be limited to 100k points (NUM_IO_ITEMS). (Bug 8460)
  • geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits. (Bug 8532)
  • IRC message with multiple params causes malformed packet exception. (Bug 8548)
  • Part of Ping Reply Message in ICMPv6 Reply Message is marked as "Malformed Packet". (Bug 8554)
  • MP2T wiretap heuristic overriding ERF. (Bug 8556)
  • Cannot read content of Ran Information Application Error Rim Container. (Bug 8559)
  • Endian error and IP:Port error when decoding BT-DHT response message. (Bug 8572)
  • "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be "ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
  • wireshark crashes while displaying I/O Graph. (Bug 8583)
  • GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly. (Bug 8596)
  • DTLS 1.2 uses wrong PRF. (Bug 8608)
  • RTP DTMF digits are no longer displayed in VoIP graph analysis. (Bug 8610)
  • Universal port not accepted in RSA Keys List window. (Bug 8618)
  • Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
  • LISP control packet incorrectly identified as LISP data based when UDP source port is 4341. (Bug 8627)
  • Bad tcp checksum not detected. (Bug 8629)
  • AMR Frame Type uses wrong Value String. (Bug 8681)
  • New and Updated Features:
  • There are no new features in this release.
  • New Protocol Support:
  • There are no new protocols in this release.
  • Updated Protocol Support:
  • AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G
  • New and Updated Capture File Support:
  • Endace ERF, NetScreen snoop.

New in version 1.8.6 (March 7th, 2013)

  • Bug Fixes:
  • The following vulnerabilities have been fixed.
  • wnpa-sec-2013-10
  • The TCP dissector could crash. (Bug 8274)
  • Versions affected: 1.8.0 to 1.8.5.
  • CVE-2013-2475
  • wnpa-sec-2013-11
  • The HART/IP dissectory could go into an infinite loop. (Bug 8360)
  • Versions affected: 1.8.0 to 1.8.5.
  • CVE-2013-2476
  • wnpa-sec-2013-12
  • The CSN.1 dissector could crash. Discovered by Laurent Butti. (Bug 8383)
  • Versions affected: 1.8.0 to 1.8.5.
  • CVE-2013-2477
  • wnpa-sec-2013-13
  • The MS-MMS dissector could crash. Discovered by Laurent Butti. (Bug 8382)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2478
  • wnpa-sec-2013-14
  • The MPLS Echo dissector could go into an infinite loop. Discovered by Laurent Butti. (Bug 8039)
  • Versions affected: 1.8.0 to 1.8.5.
  • CVE-2013-2479
  • wnpa-sec-2013-15
  • The RTPS and RTPS2 dissectors could crash. Discovered by Alyssa Milburn. (Bug 8332)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2480
  • wnpa-sec-2013-16
  • The Mount dissector could crash. Discovered by Alyssa Milburn. (Bug 8335)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2481
  • wnpa-sec-2013-17
  • The AMPQ dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8337)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2482
  • wnpa-sec-2013-18
  • The ACN dissector could attempt to divide by zero. Discovered by Alyssa Milburn. (Bug 8340)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2483
  • wnpa-sec-2013-19
  • The CIMD dissector could crash. Discovered by Moshe Kaplan. (Bug 8346)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2484
  • wnpa-sec-2013-20
  • The FCSP dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8359)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2485
  • wnpa-sec-2013-21
  • The RELOAD dissector could go into an infinite loop. Discovered by Even Jensen. (Bug 8364)
  • Versions affected: 1.8.0 to 1.8.5.
  • CVE-2013-2486
  • CVE-2013-2487
  • wnpa-sec-2013-22
  • The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8380)
  • Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
  • CVE-2013-2488
  • The following bugs have been fixed:
  • Lua pinfo.cols.protocol not holding value in postdissector. (Bug 6020)
  • data combined via ssl_desegment_app_data not visible via "Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)
  • HTTP application/json-rpc should be decoded/shown as application/json. (Bug 7939)
  • Maximum value of 802.11-2012 Duration field should be 32767. (Bug 8056)
  • Voice RTP player crash if player is closed while playing. (Bug 8065)
  • Display Filter Macros crash. (Bug 8073)
  • RRC RadioBearerSetup message decoding issue. (Bug 8290)
  • R-click filters add ! in front of field when choosing "apply as filter>selected". (Bug 8297)
  • BACnet - Loop Object - Setpoint-Reference property does not decode correctly. (Bug 8306)
  • WMM TSPEC Element Parsing is not done is wrong due to a wrong switch case number. (Bug 8320)
  • Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
  • Registering ieee802154 dissector for IEEE802.15.4 frames inside Linux SLL frames. (Bug 8325)
  • Version Field is skipped while parsing WMM_TSPEC causing wrong dissecting (1 byte offset missing) of all fields in the TSPEC. (Bug 8330)
  • [BACnet] UCS-2 strings longer than 127 characters do not decode correctly. (Bug 8331)
  • Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug 8345)
  • Decoding of GSM MAP SMS Diagnostics. (Bug 8378)
  • Incorrect packet length displayed for Flight Message Transfer Protocol (FMTP). (Bug 8407)
  • Netflow dissector flowDurationMicroseconds nanosecond conversion wrong. (Bug 8410)
  • BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)
  • Updated Protocol Support:
  • ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE 802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow, RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP

New in version 1.8.5 (January 30th, 2013)

  • Bug Fixes:
  • The following vulnerabilities have been fixed.
  • wnpa-sec-2013-01
  • Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs 8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-02
  • The CLNP dissector could crash. Discovered independently by Laurent Butti and the Wireshark development team. (Bug 7871)
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-03
  • The DTN dissector could crash. (Bug 7945)
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-04
  • The MS-MMC dissector (and possibly others) could crash. (Bug 8112)
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-05
  • The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8111)
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-06
  • The ROHC dissector could crash. (Bug 7679)
  • Versions affected: 1.8.0 to 1.8.4.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-07
  • The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti. (Bug 8213)
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-08
  • The Wireshark dissection engine could crash. Discovered by Laurent Butti. (Bug 8197)
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • wnpa-sec-2013-09
  • The NTLMSSP dissector could overflow a buffer. Discovered by Ulf Härnhammar.
  • Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
  • GENERIC-MAP-NOMATCH
  • The following bugs have been fixed:
  • SNMPv3 Engine ID registration. (Bug 2426)
  • Wrong decoding of gtp.target identification. (Bug 3974)
  • Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
  • Wireshark crashes when starting due to out-of-date plugin left behind from earlier installation. (Bug 7401)
  • Failed to dissect TLS handshake packets. (Bug 7435)
  • ISUP dissector problem with empty Generic Number. (Bug 7632)
  • Illegal character is used in temporary capture file name. (Bug 7877)
  • Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
  • Timestamp info is not saved correctly when writing DOS Sniffer files. (Bug 7998)
  • 1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
  • Core dumped when the file is closed. (Bug 8022)
  • LPP is misspelled in APDU parameter in e-CIDMeasurementInitiation request for LPPA message. (Bug 8023)
  • Wrong packet bytes are selected for ISUP CUG binary code. (Bug 8035)
  • Decodes FCoE Group Multicast MAC address as Broadcom MAC address. (Bug 8046)
  • The SSL dissector stops decrypting the SSL conversation with Malformed Packet:SSL error messages. (Bug 8075)
  • Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
  • Some Information Elements in GTPv2 are not dissected correctly. (Bug 8079)
  • Wrong bytes highlighted with "Find Packet...". (Bug 8085)
  • 3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
  • Wireshark does not show "Start and End Time" information for Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
  • GPRS Tunnel Protocoll GTP Version 1 does not decode DAF flag in Common Flags IE. (Bug 8193)
  • Wrong parcing of ULI of gtpv2 messages - errors in SAC, RAC & ECI. (Bug 8208)
  • Version Number in EtherIP dissector. (Bug 8211)
  • Warn Dissector bug, protocol JXTA. (Bug 8212)
  • Electromagnetic Emission Parser parses field Event Id as Entity Id. (Bug 8227)
  • New and Updated Features:
  • There are no new features in this release.
  • New Protocol Support:
  • There are no new protocols in this release.
  • Updated Protocol Support:
  • ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1, DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP, Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow, IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS, NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
  • New and Updated Capture File Support
  • About→Folders to find the default locations on your system.

New in version 1.8.4 (November 29th, 2012)

  • Bug Fixes:
  • The following vulnerabilities have been fixed.
  • wnpa-sec-2012-30
  • Wireshark could leak potentially sensitive host name resolution information when working with multiple pcap-ng files. Discovered by Laura Chappell.
  • Versions affected: 1.8.0 to 1.8.3.
  • wnpa-sec-2012-31
  • The USB dissector could go into an infinite loop. (Bug 7787)
  • Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  • wnpa-sec-2012-32
  • The sFlow dissector could go into an infinite loop. (Bug 7789)
  • Versions affected: 1.8.0 to 1.8.3.
  • wnpa-sec-2012-33
  • The SCTP dissector could go into an infinite loop. (Bug 7802)
  • Versions affected: 1.8.0 to 1.8.3.
  • wnpa-sec-2012-34
  • The EIGRP dissector could go into an infinite loop. (Bug 7800)
  • Versions affected: 1.8.0 to 1.8.3.
  • wnpa-sec-2012-35
  • The ISAKMP dissector could crash. (Bug 7855)
  • Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  • wnpa-sec-2012-36
  • The iSCSI dissector could go into an infinite loop. (Bug 7858)
  • Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  • wnpa-sec-2012-37
  • The WTP dissector could go into an infinite loop. (Bug 7869)
  • Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  • wnpa-sec-2012-38
  • The RTCP dissector could go into an infinite loop. (Bug 7879)
  • Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  • wnpa-sec-2012-39
  • The 3GPP2 A11 dissector could go into an infinite loop. (Bug 7801)
  • Versions affected: 1.8.0 to 1.8.3.
  • wnpa-sec-2012-40
  • The ICMPv6 dissector could go into an infinite loop. (Bug 7844)
  • Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
  • The following bugs have been fixed:
  • Menu and Title bars inaccessible using GTK2 (non-legacy) with two monitors. (Bug 553)
  • 802.11 Probe Response fails to parse. (Bug 1284)
  • Tshark - decimal symbol. (Bug 2880)
  • Malformed tpncp.dat file can crash Wireshark. (Bug 6665)
  • SSL decryption not work even with example capture file and key. (Bug 6869)
  • Info line is incorrect on SIP message containing another SIP message in body. (Bug 7780)
  • OOPS: dissector table "sctp.ppi" doesn't exist Protocol being registered is "Datagram Transport Layer Security". (Bug 7784)
  • Dissection of IEEE 802.11 Channel Switch Announcement element fails. (Bug 7797)
  • Invalid memory accesses when loading RADIUS captures. (Bug 7803)
  • ISUP CIC should have format BASE_DEC, not BASE_HEX. (Bug 7848)
  • We don't handle pcap-ng files with IDBs that come after packet blocks. (Bug 7851)
  • '*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA dialog does not work. (Bug 7866)
  • nas_eps dissector does not decode some esm message. (Bug 7912)
  • WLAN decryption status not updated after updating WEP/WPA keys. (Bug 7921)
  • IPv6 Option Pad1 Incorrect dissection. (Bug 7938)
  • Print GNUTLS error message if PEM import fails. (Bug 7948)
  • GSM classmark3 8-PSK decode error. (Bug 7964)
  • Parsing the Server Name Indication extension in SSL/TLS traffic reads some fields incorrectly. (Bug 7967)
  • Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
  • 2 bugs in Ran-Information-Error Rim Container. (Bug 8000)
  • Misspelling (typo) in IPv6 display filter field name. (Bug 8006)
  • Two BSSGP dissector bugs. (Bug 8008)
  • Core dump during SCTP association analysis. (Bug 8011)
  • New and Updated Features:
  • There are no new features in this release.
  • New Protocol Support:
  • There are no new protocols in this release.
  • Updated Protocol Support:
  • 3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE 802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism, RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB
  • New and Updated Capture File Support

New in version 1.8.3 (October 3rd, 2012)

  • Bug Fixes:
  • The following vulnerabilities have been fixed.
  • wnpa-sec-2012-26
  • The HSRP dissector could go into an infinite loop. (Bug 7581)
  • Versions affected: 1.8.0 to 1.8.2.
  • CVE-2012-5237
  • wnpa-sec-2012-27
  • The PPP dissector could abort. (Bug 7316, bug 7668)
  • Versions affected: 1.8.0 to 1.8.2.
  • CVE-2012-5238
  • wnpa-sec-2012-28
  • Martin Wilck discovered an infinite loop in the DRDA dissector. (Bug 7666)
  • Versions affected: 1.6.0 to 1.6.10, 1.8.0 to 1.8.2.
  • CVE-2012-5239
  • wnpa-sec-2012-29
  • Laurent Butti discovered a buffer overflow in the LDP dissector. (Bug 7567)
  • Versions affected: 1.8.0 to 1.8.2.
  • CVE-2012-5240
  • The following bugs have been fixed:
  • The HTTP dissector does not reassemble headers when the first TCP segment does not contain a full header line.
  • HDCP2 uses the wrong protocol id.
  • Several I/O graph problems have been fixed.
  • No markers show up when maps are displayed. (Bug 5016)
  • Assertion when using tshark/wireshark on large captures. (Bug 5699)
  • Volume label field of "SMB/TRANS2-QUERY_FS_INFO/InfoVolume level" reply packet is not displayed correctly due alignment issue. (Bug 5778)
  • 64-bit Wireshark appears to hit 2-Gbyte memory limit on 64-bit Windows. (Bug 5979)
  • Truncated/partial JPEG files are not dissected. (Bug 6230)
  • Support for MPLS Packet Loss and Delay Measurement, RFC 6374. (Bug 6881)
  • Memory leak in voip_calls.c. (Bug 7320)
  • When listing protocols available for "Decode As", plugins are sorted after built-ins. (Bug 7348)
  • Hidden columns should not be printed when printing packet summary line. (Bug 7356)
  • Size wrong in "File Set List" for just-finished captures. (Bug 7370)
  • Error: no dependency information found for debian/wireshark-common/usr/lib/wireshark/libwsutil.so.2 (used by debian/wireshark/usr/bin/wireshark). (Bug 7408)
  • Parse and properly display LTE RADIUS AVP 3GPP-User-Location-Info. (Bug 7474)
  • [PATCH] HomeplugAV dissector: decode device id. (Bug 7548)
  • BACnet GetEnrollmentSummary-ACK does not decode correctly. (Bug 7556)
  • epan/dissectors/packet-per.c dissect_per_constrained_integer_64b fails for 64 bits. (Bug 7624)
  • New SCTP PPID 48. (Bug 7635)
  • dissector of Qos attribute "Reliability Class" in GMM/SM message. (Bug 7670)
  • Performance regression in tshark -z io,stat. (Bug 7674)
  • Incorrect io-stat table format when unsupported "-t" operand is specified and when using AVG of relative_time fields. (Bug 7685)
  • IEEE 802.11 TKIP dissection : wrong IS_TKIP macro. (Bug 7691)
  • Homeplug AV dissectors does not properly dissect short frames. (Bug 7707)
  • mm_context_nas_dl_cnt and mm_context_nas_ul_cnt are not dissected properly in ContextResponse message in Gtpv2. (Bug 7718)
  • This trace causes Wireshark to crash when VoIP Calls selected. (Bug 7724)
  • Some diameter Gx enumerations are missing values or value is incorrect. (Bug 7727)
  • Wireshark 1.8.2 is only displaying 2 filters from the drop-down menu even when preferences are set to higher integer. (Bug 7731)
  • BGP bad decoding for Graceful Restart Capability with only helper support & for Enhanced Route Refresh Capability. (Bug 7734)
  • Dissection error of D-RELEASE and D-CONNECT in TETRA dissector. (Bug 7736)
  • DND can cause Wireshark to crash. (Bug 7744)
  • SCSI: WRITE BUFFER fields always display as zero. (Bug 7753)
  • Updated Protocol Support:
  • ASN.1 PER, BACnet, BGP, DIAMETER, DRDA, DVB CI, DVB, GSM Management, GTP, GTPv2, HDCP2, HomePlug AV, ICMP, ICMPv6, IEEE 802.11, IEEE 802a, Interlink, JPEG, LDP, LPP, MPEG, MPLS, PCAP, PPP, RANAP, RRC, RRLP, SCCP, SCSI, SCTP, SDP, SMB, TETRA
  • New and Updated Capture File Support
  • File Locations:
  • Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
  • Known Problems:
  • Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
  • The BER dissector might infinitely loop. (Bug 1516)
  • Capture filters aren't applied when capturing from named pipes. (Bug 1814)
  • Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
  • The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
  • Application crash when changing real-time option. (Bug 4035)
  • Hex pane display issue after startup. (Bug 4056)
  • Packet list rows are oversized. (Bug 4357)
  • Summary pane selected frame highlighting not maintained. (Bug 4445)
  • Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

New in version 1.6.5 (January 11th, 2012)

  • Several bugs have been fixed, including vulnerabilities in several file parsers and the RLC dissector.
  • Many protocol dissector bugs have been fixed.

New in version 1.6.4 (November 19th, 2011)

  • Bug Fixes:
  • The following bugs have been fixed:
  • Patch to fix memory leaks/errors in Lua plugin. (Bug 5575)
  • Wireshark crashes if a field of type BASE_CUSTOM is applied as a column. (Bug 6503)
  • Filter Expression dialog can only be opened once. (Bug 6537)
  • Wireshark crashes if compiled without GLib thread support. (Bug 6540)
  • 80211 QoS Control: Add Raw TID. (Bug 6548)
  • SNMP length check error. (Bug 6564)
  • UCP dissector bug of operation 61. (Bug 6570)
  • New and Updated Features:
  • There are no new features in this release.
  • New Protocol Support:
  • There are no new protocols in this release.
  • Updated Protocol Support
  • New and Updated Capture File Support
  • Getting Wireshark:
  • Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
  • Vendor-supplied Packages:
  • Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
  • File Locations:
  • Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

New in version 1.4.7 (June 1st, 2011)

  • Fixed multiple vulnerabilities and dissector bugs.

New in version 1.4.6 (April 20th, 2011)

  • Wireshark and TShark can crash while analyzing TCP packets. (Bug 5837)
  • Updated Protocol Support: TCP

New in version 1.4.6 (April 20th, 2011)

  • Wireshark and TShark can crash while analyzing TCP packets. (Bug 5837)

New in version 1.5.0 (January 26th, 2011)

  • New and Updated Features:
  • Wireshark can import text dumps
  • similar to text2pcap.
  • You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
  • TShark can show a specific occurrence of a field when using '-T fields'.
  • Custom columns can show a specific occurrence of a field.
  • You can hide columns in the packet list.
  • Wireshark can now export SMB objects.
  • dftest and randpkt now have manual pages.
  • TShark can now display iSCSI service response times.
  • Dumpcap can now save files with a user-specified group id.
  • Syntax checking is done for capture filters.
  • You can display the compiled BPF code for capture filters in the Capture Options dialog.
  • You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+
  • and Ctrl+. .
  • Packet length is (finally) a default column.
  • TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
  • 802.1q VLAN tags are now shown by the Ethernet II dissector.
  • Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
  • The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
  • The RTP player now shows why media interruptions occur.
  • Graphs now save as PNG images by default.
  • New Protocol Support:
  • ADwin
  • ADwin-Config
  • Apache Etch
  • Aruba PAPI
  • Constrained Application Protocol (COAP)
  • Digium TDMoE
  • Ether-S-I/O
  • FastCGI
  • Fibre Channel over InfiniBand (FCoIB)
  • Gopher
  • Gigamon GMHDR
  • IDMP
  • Infiniband Socket Direct Protocol (SDP)
  • JSON
  • LISP Data
  • MikroTik MAC-Telnet
  • Mongo Wire Protocol
  • Network Monitor 802.11 radio header
  • OPC UA ExtensionObjects
  • PPI-GEOLOCATION-GPS
  • ReLOAD
  • ReLOAD Framing
  • SAMETIME
  • SCoP
  • SGSAP
  • Tektronix Teklink
  • WAI authentication
  • Wi-Fi P2P (Wi-Fi Direct)
  • New and Updated Capture File Support:
  • Apple PacketLogger
  • Catapult DCT2000
  • Daintree SNA
  • Endace ERF
  • HP OpenVMS TCPTrace
  • IPFIX (the file format
  • not the protocol)
  • Lucent/Ascend debug
  • Microsoft Network Monitor
  • Network Instruments
  • TamoSoft CommView

New in version 1.4.2 (November 22nd, 2010)

  • The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
  • Nephi Johnson of BreakingPoint discovered that the LDSS dissector could overflow a buffer. (Bug 5318)
  • Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1.
  • The ZigBee ZCL dissector could go into an infinite loop. (Bug 5303)
  • Versions affected: 1.4.0 to 1.4.1.
  • The following bugs have been fixed:
  • File-Open Display Filter is overwritten by Save-As Filename. (Bug 3894)
  • Wireshark crashes with "Gtk-ERROR **: Byte index 6 is off the end of the line" if click on last PDU. (Bug 5285)
  • GTK-ERROR can occur in packets when there are multiple Netbios/SMB headers in a single frame. (Bug 5289)
  • "Tshark -G values" crashes on Windows. (Bug 5296)
  • PROFINET I&M0FilterData packet not fully decoded. (Bug 5299)
  • PROFINET MRP linkup/linkdown decoding incorrect. (Bug 5300)
  • [lua] Dumper:close() will cause a segfault due later GC of the Dumper. (Bug 5320)
  • Network Instruments' trace files sometimes cannot be read with an error message of "Observer: bad record: Invalid magic number". (Bug 5330)
  • IO Graph Time of Day times incorrect for filtered data. (Bug 5340)
  • Wireshark tools do not detect and read some ERF files correctly. (Bug 5344)
  • "editcap -h" sends some lines to stderr and others to stdout. (Bug 5353)
  • IP Timestamp Option: "flag=3" variant (prespecified) not displayed correctly. (Bug 5357)
  • AgentX PDU Header 'hex field highlighting' incorrectly spans extra bytes. (Bug 5364)
  • AgentX dissector cannot handle null OID in Open-PDU. (Bug 5368)
  • Crash with "Gtk-ERROR **: Byte index 6 is off the end of the line". (Bug 5374)
  • ANCP Portmanagment TLV wrong decoded. (Bug 5388)
  • Crash during startup because of Python SyntaxError in wspy_libws.py. (Bug 5389)
  • Updated Protocol Support
  • AgentX
  • ANCP
  • DIAMETER
  • HTTP
  • LDSS
  • MIME
  • NBNS
  • PROFINET
  • SIP
  • TCP
  • Telnet
  • ZigBee
  • New and Updated Capture File Support
  • Endace ERF
  • Network Instruments Observer

New in version 1.2.7 (April 1st, 2010)

  • Bug Fixes:
  • SNMPv3 Engine ID registration. (Bug 2426)
  • Open file dialog always displayed when clicking anywhere on Wireshark. (Bug 2478)
  • tshark reports wrong number of bytes on big dumpfiles with -z io,stat. (Bug 3205)
  • Negative INTEGER number displayed as positive number in SNMP dissector. (Bug 3230)
  • Add support for FT_BOOLEAN fields to wslua FieldInfo. (Bug 4049)
  • Wireshark crashes w/ GLib error when trying to play RTP stream. (Bug 4119)
  • Windows 2000 support has been restored. (Bug 4176)
  • Wrong dissection on be_cell_id_list for bssmap. (Bug 4437)
  • I/O Graph dropdown boxes not working correctly. (Bug 4487)
  • Runtime Error when right-clicking field and selecting "Filter Field Reference". (Bug 4522)
  • In GSM SMS PDU TPVPF showing wrong. (Bug 4524)
  • Profinet: May be wrong defined byte meaning. (Bug 4525)
  • GLib-CRITICAL ** Message. (Bug 4547)
  • Certain EDP display filters trigger Wireshark/tshark runtime error. (Bug 4563)
  • Some NCP frames trigger "Dissector bug, protocol NCP". (Bug 4565)
  • The encapsulation abbreviation "bluetooth-h4" is ambiguous. (Bug 4613)
  • There are no new protocols in this release.
  • Updated Protocol Support
  • BSSMAP, DMP, GSM SMS, LDSS, NCP, PN/IO, PPP, SIP, SNMP
  • Known Problems:
  • Wireshark may appear offscreen on multi-monitor Windows systems. (Bug 553)
  • Wireshark might make your system disassociate from a wireless network on OS X. (Bug 1315)
  • Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
  • The BER dissector might infinitely loop. (Bug 1516)
  • Capture filters aren't applied when capturing from named pipes. (Bug 1814)
  • Wireshark might freeze when reading from a pipe. (Bug 2082)
  • Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
  • The 64-bit Windows installer does not ship with the same libraries as the 32-bit installer. (Bug 3610)

New in version 1.0.8 (May 22nd, 2009)

  • The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
  • The PCNFSD dissector could crash.
  • Versions affected: 0.8.20 to 1.0.7
  • CVE-2009-????
  • The following bugs have been fixed:
  • Lua integration could crash. (Bug 2453)
  • The SCCP dissector could crash when loading more than one file in a single session. (Bug 3409)
  • The NDMP dissector could crash if reassembly was enabled. (Bug 3470)

New in version 1.0.7 (April 9th, 2009)

  • Security-related bugs in the Profinet, LDAP, and CPHAP dissectors and the Tektronix K12 file format have been fixed.
  • Many other bugs have been fixed.

New in version 1.1.3 (March 24th, 2009)

  • This version features a new top-level menu arrangement and integration with OpenStreetMap.

New in version 1.1.2 (January 16th, 2009)

  • This version improves file previews on Windows, updates supporting libraries (including a security fix in c-ares), and adds GeoIP support.

New in version 1.0.5 (December 10th, 2008)

  • Bug Fixes:
  • Missing CRLF during HTTP POST in the "packet details" window (Bug 2534)
  • Memory assertion in time_secs_to_str_buf() when compiled with GCC 4.2.3 (Bug 2777)
  • Diameter dissector fails RFC 4005 compliance (Bug 2828)
  • LDP vendor private TLV type is not correctly shown (Bug 2832)
  • Wireshark on MacOS does not run when there are spaces in its path (Bug 2844)
  • OS X Intel package incorrectly claims to be Universal (Bug 2979)
  • Compilation broke when compiling without zlib (Bug 2993)
  • Memory leak: saved_repoid (Bug 3017)
  • Memory leak: follow_info (Bug 3018)
  • Memory leak: follow_info (Bug 3019)
  • Memory leak: tacplus_data (Bug 3020)
  • Memory leak: col_arrows (Bug 3021)
  • Memory leak: col_arrows (Bug 3022)
  • Incorrect address structure assigned for find_conversation() in WSP (Bug 3071)
  • Memory leak with unistim in voip_calls (Bug 3079)
  • Error parsing the BSSGP protocol (Bug 3085)
  • Assertion thrown in fvalue_get_uinteger when decoding TIPC (Bug 3086)
  • LUA script : Wireshark crashes after closing and opening again a window used by a listener.draw() function. (Bug 3090)
  • New and Updated Features:
  • Updated Protocol Support: ANSI MAP, BSSGP, CIP, Diameter, ENIP, GIOP, H.263, H.264, HTTP, MPEG PES, PostgreSQL, PPI, PTP, Rsync, RTP, SMTP, SNMP, STANAG 5066, TACACS, TIPC, WLCCP, WSP

New in version 1.0.4 (October 21st, 2008)

  • Security-related bugs in the Bluetooth ACL, Bluetooth RFCOMM, PRP, Q.931, MATE, and USB dissectors, as well as the Tammos CommView file parser have been fixed. See the advisory for details.
  • Many other bugs have been fixed.

New in version 1.1.1 (October 11th, 2008)

  • This version fixes several problems with the 1.1.0 release, including an issue that kept Wireshark from running on many Windows machines.

New in version 1.1.0 (September 15th, 2008)

  • A start page and display filter autocompletion have been added.