Wireshark 3.0.1 Release Notes What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New • The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9. Bug Fixes The following vulnerabilities have been fixed: • wnpa-sec-2019-09[1] NetScaler file parser crash. Bug 15497[2]. CVE-2019-10895[3]. • wnpa-sec-2019-10[4] SRVLOC dissector crash. Bug 15546[5]. CVE-2019-10899[6]. • wnpa-sec-2019-11[7] IEEE 802.11 dissector infinite loop. Bug 15553[8]. CVE-2019-10897[9]. • wnpa-sec-2019-12[10] GSUP dissector infinite loop. Bug 15585[11]. CVE-2019-10898[12]. • wnpa-sec-2019-13[13] Rbm dissector infinite loop. Bug 15612[14]. CVE-2019-10900[15]. • wnpa-sec-2019-14[16] GSS-API dissector crash. Bug 15613[17]. CVE-2019-10894[18]. • wnpa-sec-2019-15[19] DOF dissector crash. Bug 15617[20]. CVE-2019-10896[21]. • wnpa-sec-2019-16[22] TSDNS dissector crash. Bug 15619[23]. CVE-2019-10902[24]. • wnpa-sec-2019-17[25] LDSS dissector crash. Bug 15620[26]. CVE-2019-10901[27]. • wnpa-sec-2019-18[28] DCERPC SPOOLSS dissector crash. Bug 15568[29]. CVE-2019-10903[30]. The following bugs have been fixed: • [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770[31]. • [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439[32]. • Duplicated TCP SEQ field in ICMP packets. Bug 15533[33]. • Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542[34]. • Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545[35]. • GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549[36]. • Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561[37]. • %T not supported for timestamps. Bug 15565[38]. • LWM2M: resource with \r\n badly shown. Bug 15572[39]. • When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578[40]. • Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599[41]. • Windows console log output delay. Bug 15605[42]. • Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607[43]. • NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608[44]. • randpkt -r causes segfault when count > 1. Bug 15627[45]. • Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628[46]. • Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630[47]. • BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631[48]. • Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634[49]. • Typo: broli → brotli. Bug 15647[50]. • Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648[51]. • Windows CHM (help file) title displays quoted HTML characters. Bug 15656[52]. • Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667[53]. New and Updated Features There are no new features in this release. New Protocol Support There are no new protocols in this release. Updated Protocol Support BGP, BSSAP, Couchbase, DCERPC SPOOLSS, DHCP, DHCPv6, DOF, FP, GSM A RR, GSS-API, GSUP, GTP, GTPv2, H248C, HL7, IEEE 802.11, IEEE 802.15.4, ISO 14443, LDSS, LwM2M-TLV, NLM, Rbm, SIP, SRVLOC, Syslog, TCP, TLS, and TSDNS New and Updated Capture File Support NetScaler and pcap New and Updated Capture Interfaces support There is no new or updated capture file support in this release. Getting Wireshark Wireshark source code and installation packages are available from https://www.wireshark.org/download.html[54]. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page[55] on the Wireshark web site. File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system. Getting Help The User’s Guide, manual pages and various other documentation can be found at https://www.wireshark.org/docs/[56] Community support is available on Wireshark’s Q&A site[57] and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site[58]. Bugs and feature requests can be reported on the bug tracker[59]. Official Wireshark training and certification are available from Wireshark University[60]. Frequently Asked Questions A complete FAQ is available on the Wireshark web site[61]. Last updated 2019-04-08 17:06:38 UTC References 1. https://www.wireshark.org/security/wnpa-sec-2019-09 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497 3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10895 4. https://www.wireshark.org/security/wnpa-sec-2019-10 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546 6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10899 7. https://www.wireshark.org/security/wnpa-sec-2019-11 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15553 9. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10897 10. https://www.wireshark.org/security/wnpa-sec-2019-12 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15585 12. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10898 13. https://www.wireshark.org/security/wnpa-sec-2019-13 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15612 15. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10900 16. https://www.wireshark.org/security/wnpa-sec-2019-14 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613 18. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10894 19. https://www.wireshark.org/security/wnpa-sec-2019-15 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617 21. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10896 22. https://www.wireshark.org/security/wnpa-sec-2019-16 23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15619 24. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10902 25. https://www.wireshark.org/security/wnpa-sec-2019-17 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620 27. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10901 28. https://www.wireshark.org/security/wnpa-sec-2019-18 29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568 30. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10903 31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14770 32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15439 33. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15533 34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15542 35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15545 36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15549 37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15561 38. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15565 39. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15572 40. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15578 41. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15599 42. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15605 43. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15607 44. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15608 45. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15627 46. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15628 47. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15630 48. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15631 49. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15634 50. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15647 51. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15648 52. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15656 53. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15667 54. https://www.wireshark.org/download.html 55. https://www.wireshark.org/download.html#thirdparty 56. https://www.wireshark.org/docs/ 57. https://ask.wireshark.org/ 58. https://www.wireshark.org/lists/ 59. https://bugs.wireshark.org/ 60. http://www.wiresharktraining.com/ 61. https://www.wireshark.org/faq.html