Wireshark 1.4.4 released

Wireshark is a popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

Wireshark 1.4.4 fixes the following vulnerabilities:

  • Wireshark could free an uninitialized pointer while reading a malformed pcap-ng file. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. CVE-2011-0538
  • A large packet length in a pcap-ng file could crash Wireshark. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
  • Wireshark could overflow a buffer while reading a Nokia DCT3 trace file. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.
  • Wireshark on 32 bit systems could crash while reading a malformed 6LoWPAN packet. Versions affected: 1.4.0 to 1.4.3.
  • LDAP and SMB dissectors could overflow the stack. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)
  • Large LDAP Filter strings can consume excessive amounts of memory. Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)

The following bugs have been fixed:

  • A TCP stream would not always be recognized as the same stream.
  • Wireshark Crashing by pressing 2 Buttons.
  • A crash can occur in the NTLMSSP dissector.
  • The column texts from a Lua dissector could be mangled.
  • Corrections to ANSI MAP ASN.1 specifications.
  • When searching in packet bytes, the field and bytes are not immediately shown.
  • Malformed Packet: ULP reported when dissecting ULP SessionID PDU.
  • Wrong IEI in container of decode_gtp_mm_cntxt.
  • Display filter does not work for expressions of type BASE_DEC, BASE_DEC_HEX and BASE_HEX_DEC.
  • NTLMSSP dissector may fail to compile due to space embedded in C comment delimiters.
  • Allow for name resolution of link-scope and multicast IPv6 addresses from local host file.
  • DHCPv6 dissector formats DUID_LLT time incorrectly.
  • Allow for IEEE 802.3bc-2009 style PoE TLVs.
  • Various fixes to the HIP packet dissector.
  • Display “Day of Year” for January 1 as 1, not 0.
  • Accommodate the CMake build on Ubuntu 10.10.
  • E.212 MCC 260 Poland update according to local national regulatory.
  • IPP on ports other than 631 not recognized.
  • Potential access violation when writing to LANalyzer files.
  • IEEE 802.15.4 Superframe Specification – Final CAP Slot always 0.
  • Peer SRC and DST AS numbers are swapped for cflow.
  • dumpcap: -q option behavior doesn’t match documentation.

Don't miss