Wireshark 4.4.2 Update Fixes Vulnerabilities and Enhances Protocol Support

November 26, 2024

The recent release of Wireshark 4.4.2 has introduced significant updates that are set to bolster its functionality and improve its stability for users across various domains. This popular network protocol analyzer tool, renowned for its role in troubleshooting, analysis, development, and education, has received notable enhancements in its latest version. Not only does the update address critical vulnerabilities, but it also expands support for numerous protocols, solidifying Wireshark as a comprehensive utility for network analysis. Users will be able to leverage these upgrades to achieve more efficient and secure network diagnostics.

Addressing Critical Vulnerabilities

One of the most crucial aspects of the Wireshark 4.4.2 update is the resolution of two significant vulnerabilities that could have otherwise compromised the tool’s effectiveness and security. The first issue, identified as wnpa-sec-2024-14, pertained to an infinite loop detected in the FiveCo RAP dissector. Such a flaw could have made the system unresponsive and disrupted valuable network analysis operations. The second vulnerability, labeled wnpa-sec-2024-15, involved a potential crash of the ECMP dissector, which posed a risk of unexpected interruptions during critical diagnostic tasks.

In addition to tackling these vulnerabilities, the update also fixed several notable bugs that had been affecting the tool’s overall performance. For instance, the “enip” filter, which previously failed to detect CIP I/O, has been corrected to ensure accurate identification. Other fixes include resolving issues presented by specific fuzz jobs, namely fuzz-2024-09-03-7550.pcap. Furthermore, an index-out-of-bounds error in DOFObjectID_Create_Unmarshal identified by OSS-Fuzz 71476 has also been rectified. These bug fixes are essential for maintaining Wireshark’s reliability and effectiveness in varied network environments.

Enhanced Support for Multiple Protocols

Wireshark’s extensive and varied protocol support is one of its standout features, and the 4.4.2 update further extends this capability. Enhanced support now covers protocols such as ARTNET, ASN.1 PER, BACapp, BT BR/EDR, CQL, DOF, and several others. This broad utility ensures that network professionals have robust tools at their disposal for comprehensive analysis across diverse network configurations. The added protocol support significantly enhances the tool’s versatility, enabling more precise and thorough network diagnostics.

This updated version also includes critical bug fixes to optimize Wireshark’s operation on different platforms. For example, a disconnection issue with iPhone Mirroring when opening Wireshark 4.4.0 on macOS 15.0 has been resolved, ensuring seamless operation on Apple devices. Additionally, issues related to message association in PTP analysis due to sequence number resets and incorrect hashing in JA4_c hashes have been addressed. Notably, response packets in USB CCID events that were previously misflagged as malformed due to unsupported SetParameters commands have also been fixed, ensuring more accurate data interpretation.

Stability and Usability Improvements

Wireshark 4.4.2 prioritizes enhancements in both stability and usability, as evidenced by the wide-ranging fixes in this update. Several crashes that previously impeded smooth operation have been rectified. For instance, a frequent crash occurring when running Dumpcap from TShark with a capture filter has been resolved. Additionally, mislabeled and misdisplayed fields in the SRT dissector for StreamID in handshake extensions have been corrected. Other notable fixes include the removal of ghost error messages appearing in POP3 packets and resolution of build failures related to c-ares 1.34.

Further stability improvements have been achieved by addressing optional D-Bus issues, ensuring non-notarized macOS DMGs for Intel, and rectifying errors in MLD Capabilities and Operations Present flag settings for MLO wifi-7 captures. Specific fixes also tackled parsing issues in Wi-Fi 256 Block Ack, depth limitations in BACnet’s ReadPropertyMultiple requests, and crashes during the usage of I/O Graph with simple moving averages. These enhancements contribute to a more reliable tool, essential for thorough network analysis and diagnostics.

Commitment to Quality and Performance

The latest release of Wireshark, version 4.4.2, brings a host of significant updates aimed at enhancing its functionality and stability for users across various fields. Wireshark, a widely-used network protocol analyzer, is crucial for tasks such as troubleshooting, network analysis, software development, and education. The new version addresses critical vulnerabilities, making it more secure and reliable. It also expands support for numerous protocols, solidifying Wireshark’s status as a versatile and comprehensive tool for network analysis.

These enhancements mean that users can now perform more efficient and secure network diagnostics. By supporting a broader range of protocols, Wireshark 4.4.2 allows network professionals and enthusiasts to delve deeper into network traffic, resolving issues more effectively. Moreover, the stability improvements ensure smoother performance, reducing the likelihood of crashes during in-depth analysis. This update not only maintains Wireshark’s reputation as an essential tool in the networking field but also pushes it forward, keeping pace with evolving network technologies and user needs.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later