Software-update: Wireshark 4.0.4

Versie 4.0.4 van de opensource-protocol-analyzer en -packetsniffer Wireshark is uitgekomen. Met dit programma kunnen verschillende datapakketten en netwerkprotocollen op het netwerk worden geanalyseerd. Ook kan het programma eerder opgeslagen dataverkeer als invoer gebruiken. Wireshark is te downloaden voor 64bit-uitvoeringen van Windows en macOS. De broncode is beschikbaar voor gebruik op Linux, Solaris en *BSD. Vanaf versie 4.0 zijn er geen 32bit-uitvoeringen meer beschikbaar. Sinds versie 4.0.2 zijn de volgende veranderingen en verbeteringen aangebracht:

Wireshark 4.0.4 Release Notes

The following vulnerabilities have been fixed:

• wnpa-sec-2023-08 ISO 15765 and ISO 10681 dissector crash. Issue 18839.

The following bugs have been fixed:

• UTF-8 characters end up escaped in PSML output. Issue 10445.
• Export filtered displayed packets won’t save IP fragments of SCTP fragments needed to reassemble a displayed frame. Issue 12597.
• DICOM dissection in reassembled PDV goes wrong. Issue 13388.
• "Export Objects - IMF" produces incorrect file, TCP reassembly fails with retransmissions that have additional data. Issue 13523.
• The intelligent scroll bar or minimap is not predictable on locating and scrolling. Issue 13989.
• If you mark (or unmark) the currently-selected frame, the packet details still say it’s not marked (or it is marked) Issue 14330.
• An out-of-order packet incorrectly detected as retransmission breaks desegmentation of TCP stream. Issue 15993.
• Sorting Packet Loss Column is not sorting correct. Issue 16785.
• Some HTTPS packets cannot be decrypted. Issue 17406.
• SIP TCP decoding regression from Wireshark 1.99.0 to 3.6.8. Issue 18411.
• Frame comments not preserved when using filter to write new pcap from tshark. Issue 18693.
• ChmodBPF not working on macOS Ventura 13.1. Issue 18734.
• Wireshark GUI and window manager stuck after setting display filter. Issue 18809.
• Dissector bug, protocol H.261. Issue 18812.
• File extension heuristics are case-sensitive. Issue 18821.
• Symbolic links to packages in macOS dmg can’t be double-clicked to install on macOS 13.2. Issue 18830.
• Potential memory leak in tshark.c. Issue 18837.
• Fuzz job crash output: fuzz-2023-02-05-7303.pcap. Issue 18842.
• f5fileinfo: Hardware platforms missing descriptions. Issue 18848.
• The lines in the intelligent scrollbar are off by one. Issue 18850.
• Wireshark crashes on invalid UDS packet in Lua context. Issue 18865.
• TECMP dissector shows the wrong Voltage in Vendor Data. Issue 18871.
• UDS: Names of RDTCI subfunctions 0x0b …​ 0x0e are not correct. Issue 18873.

Updated Protocol Support

• ASTERIX
• BGP
• DHCP
• ERF
• F5 Ethernet trailer
• GMR-1 RR
• Gryphon
• GSM SMS
• H.261
• H.450
• ISO 10681
• ISO 15765
• MIPv6
• NAS-5gs
• NR RRC
• NS Trace
• OptoMMP
• PDCP-LTE
• PDCP-NR
• QSIG
• ROHC
• RSVP
• RTCP
• SCTP
• SIP
• TCP
• TECMP
• TWAMP
• UDS
• UMTS RLC

Wireshark 4.0.3 Release Notes

The following vulnerabilities have been fixed:

• wnpa-sec-2023-01 EAP dissector crash. Issue 18622.
• wnpa-sec-2023-02 NFS dissector memory leak. Issue 18628.
• wnpa-sec-2023-03 Dissection engine crash. Issue 18766.
• wnpa-sec-2023-04 GNW dissector crash. Issue 18779.
• wnpa-sec-2023-05 iSCSI dissector crash. Issue 18796.
• wnpa-sec-2023-06 Multiple dissector excessive loops. Issue 18711. Issue 18720, Issue 18737.
• wnpa-sec-2023-07 TIPC dissector crash. Issue 18770.

The following bugs have been fixed:

• Qt: After modifying coloring rules, the coloring rule applied to the first packet reflects the coloring rules previously in effect. Issue 12475.
• Help file doesn’t display for extcap interfaces. Issue 15592.
• For USB traffic on XHC20 interface destination is always given as Host. Issue 16768.
• Wireshark Expert Info - cannot deselect the limit to display filter tick box. Issue 18461.
• Wrong pointer conversion in get_data_source_tvb_by_name() Issue 18517.
• Wrong number of bits skipped while decoding an empty UTF8String on UPER packet. Issue 18702.
• Crash when analyzing protobuf packets. Issue 18730.
• Uninitialized values in various dissectors. Issue 18742.
• String (GeoIP country/city) ordering doesn’t work in Endpoints. Issue 18749.
• Wireshark crashes with an assertion failure on stray minus in filter. Issue 18750.
• IO Graph: Add new graph only works until the 10th graph. Issue 18762.
• Fuzz job crash output: fuzz-2022-12-30-11007.pcap. Issue 18770.
• Q.850 - error in label for cause 0x7F. Issue 18780.
• Uninitialized values in CoAP and RTPS dissectors. Issue 18785.
• Screenshots in AppStream metainfo.xml file not available. Issue 18801.

Updated Protocol Support

• ASTERIX
• BEEP
• BGP
• BPv6
• CoAP
• EAP
• GNW
• GSM A-bis P-GSL
• iSCSI
• ISUP
• LwM2M-TLV
• MBIM
• NBAP
• NFS
• OBD-II
• OPUS
• ProtoBuf
• RLC
• ROHC
• RTPS
• Telnet
• TIPC
• USB

De volgende downloads zijn beschikbaar:
Wireshark 4.0.4 voor Windows (64bit)
Wireshark 4.0.4 voor PortableApps
Wireshark 4.0.4 voor macOS (Arm, 64bit)
Wireshark 4.0.4 voor macOS (Intel, 64bit)
Wireshark 4.0.4 broncode voor onder andere Linux, Solaris en *BSD