Wireshark 4.4.2: Security updates, bug fixes, updated protocol support

   November 25, 2024  Posted in HelpnetSecurity


Wireshark, the popular network protocol analyzer, has reached version 4.4.2. It is used for troubleshooting, analysis, development and education.

The following vulnerabilities have been fixed:

  • wnpa-sec-2024-14 FiveCo RAP dissector infinite loop.
  • wnpa-sec-2024-15 ECMP dissector crash.

Updated protocol support: ARTNET, ASN.1 PER, BACapp, BT BR/EDR, CQL, DOF, ECMP, ENIP, FiveCo RAP, Frame, FTDI FT, HSRP, HTTP/2, ICMPv6, IEEE 802.11, MBTCP, MMS, MPEG PES, PN-DCP, POP, ProtoBuf, PTP, RPC, RTCP, SIP, SRT, Syslog, TCP, UMTS RLC, USB CCID, Wi-SUN, and ZigBee ZCL.

The following bugs have been fixed:

  • CIP I/O is not detected by “enip” filter anymore.
  • Fuzz job issue: fuzz-2024-09-03-7550.pcap. Issue 20041.
  • OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in DOFObjectID_Create_Unmarshal.
  • JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000.
  • Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring.
  • PTP analysis loses track of message associations in case of sequence number resets.
  • USB CCID: response packet in case SetParameters command is unsupported is flagged as malformed.
  • dumpcap crashes when run from TShark with a capture filter. Issue 20108.
  • SRT dissector: The StreamID (SID) in the handshake extension is displayed without regarding the control characters and with NUL as terminating.
  • Ghost error message on POP3 packets.
  • Building against c-ares 1.34 fails.
  • D-Bus is not optional anymore.
  • macOS Intel DMGs aren’t fully notarized.
  • Incorrect name for MLD Capabilities and Operations Present flag in dissection of MLD Capabilities for MLO wifi-7 capture.
  • CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet]
  • Wi-Fi: 256 Block Ack (BA) is not parsed properly.
  • BACnet ReadPropertyMultiple request Maximum allowed recursion depth reached.
  • Statistics→I/O Graph crashes when using simple moving average.
  • HTTP2 body decompression fails on DATA with a single padded frame.
  • Compiler warning for ui/tap-rtp-common.c (ignoring return value)
  • SIP dissector bug due to “be-route” param in VIA header.
  • Coredump after trying to open ‘Follow TCP stream’.
  • Protobuf JSON mapping error.
  • Display filter “!stp.pvst.origvlan in { vlan.id }” causes a crash (Version 4.4.1).
  • Extcap plugins shipped with Wireshark Portable are not found in version 4.4.1.
  • IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame.
  • Wireshark 4.4.1 does not decode RTCP packets.
  • Qt: Display filter sub-menu can only be opened on the triangle, not the full name.
  • Qt: Changing the display filter does not update the Conversations or Endpoints dialogs.
  • MODBUS Dissector bug.
  • Modbus dissector bug – Field Occurence and Layer Operator modbus.bitval field.
  • Wireshark crashes when a field is dragged from packet details towards the find input.
  • Lua DissectorTable(“”) : set (“10,11”) unexpected behavior in locales with comma as decimal separator.

Wireshark is available for free download here.



Source link