Version History of Wireshark 1.4.4 (x64)

Bug Fixes

The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

  • Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that Wireshark could free an uninitialized pointer while reading a malformed pcap-ng file. (Bug 5652)

Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.

CVE-2011-0538

  • Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a large packet length in a pcap-ng file could crash Wireshark. (Bug 5661)
  • Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.

    • Wireshark could overflow a buffer while reading a Nokia DCT3 trace file.
    • Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3.

      CVE-2011-0713

      • Paul Makowski working for SEI/CERT discovered that Wireshark on 32 bit systems could crash while reading a malformed 6LoWPAN packet. (Bug 5722)

      Versions affected: 1.4.0 to 1.4.3.

      • joernchen of Phenoelit discovered that the LDAP and SMB dissectors could overflow the stack. (Bug 5717)

      Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)

      • Xiaopeng Zhang of Fortinet's Fortiguard Labs discovered that large LDAP Filter strings can consume excessive amounts of memory. (Bug 5732)

      Versions affected: 1.2.0 to 1.2.14 and 1.4.0 to 1.4.3. (Prior versions including 1.0.x are also affected.)

      The following bugs have been fixed:

      • A TCP stream would not always be recognized as the same stream. (Bug 2907)
      • Wireshark Crashing by pressing 2 Buttons. (Bug 4645)
      • A crash can occur in the NTLMSSP dissector. (Bug 5157)
      • The column texts from a Lua dissector could be mangled. (Bug 5326) (Bug 5630)
      • Corrections to ANSI MAP ASN.1 specifications. (Bug 5584)
      • When searching in packet bytes, the field and bytes are not immediately shown. (Bug 5585)
      • Malformed Packet: ULP reported when dissecting ULP SessionID PDU. (Bug 5593)
      • Wrong IEI in container of decode_gtp_mm_cntxt. (Bug 5598)
      • Display filter does not work for expressions of type BASE_DEC, BASE_DEC_HEX and BASE_HEX_DEC. (Bug 5606)
      • NTLMSSP dissector may fail to compile due to space embedded in C comment delimiters. (Bug 5614)
      • Allow for name resolution of link-scope and multicast IPv6 addresses from local host file. (Bug 5615)
      • DHCPv6 dissector formats DUID_LLT time incorrectly. (Bug 5627)
      • Allow for IEEE 802.3bc-2009 style PoE TLVs. (Bug 5639)
      • Various fixes to the HIP packet dissector. (Bug 5646)
      • Display "Day of Year" for January 1 as 1, not 0. (Bug 5653)
      • Accommodate the CMake build on Ubuntu 10.10. (Bug 5665)
      • E.212 MCC 260 Poland update according to local national regulatory. (Bug 5668)
      • IPP on ports other than 631 not recognized. (Bug 5677)
      • Potential access violation when writing to LANalyzer files. (Bug 5698)
      • IEEE 802.15.4 Superframe Specification - Final CAP Slot always 0. (Bug 5700)
      • Peer SRC and DST AS numbers are swapped for cflow. (Bug 5702)
      • dumpcap: -q option behavior doesn't match documentation. (Bug 5716)

      New and Updated Features

      • There are no new features in this release.

      New Protocol Support

      • There are no new protocols in this release.

      Updated Protocol Support

      • ANSI MAP, BitTorrent, DCM, DHCPv6, DTAP, DTPT, E.212, GSM Management, GTP, HIP, IEEE 802.15.4, IPP, LDAP, LLDP, Netflow, NTLMSSP, P_Mul, Quake, Skinny, SMB, SNMP, ULP

      New and Updated Capture File Support

      • LANalyzer, Nokia DCT3, Pcap-ng