Wireshark 4.2.1 Released: What’s New!

A free and open-source packet analyzer, Wireshark is used for network troubleshooting, education, software and communications protocol development, and analysis. 

The widespread use of Wireshark is evidence of its reliability, allowing network administrators and security experts to examine network packets more thoroughly.

EHA

The Wireshark Foundation released version 4.2.1, which brings various bug fixes and upgrades.

What’s New in Wireshark 4.2.1?

Here below, we have mentioned all the new updates and fixes done in this new version, Wireshark 4.2.1.

Document
Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Vulnerabilities Fixed

The vulnerabilities listed below have been addressed:

  • wnpa-sec-2024-01 GVCP dissector crash. Issue 19496. CVE-2024-0208.
  • wnpa-sec-2024-02 IEEE 1609.2 dissector crash. Issue 19501. CVE-2024-0209.
  • wnpa-sec-2024-03 HTTP3 dissector crash. Issue 19502. CVE-2024-0207.
  • wnpa-sec-2024-04 Zigbee TLV dissector crash. Issue 19504. CVE-2024-0210.
  • wnpa-sec-2024-05 DOCSIS dissector crash. Issue 19557. CVE-2024-0211.

The following flaws have been fixed:

  • Capture filters not saved to a recently used list. Issue 12918.
  • CFM dissector does not handle Sender ID TLV correctly when Chassis ID Length is zero. Issue 13720.
  • OSS-Fuzz 64290: wireshark:fuzzshark_ip: Global-buffer-overflow in dissect_zcl_read_attr_struct. Issue 19490.
  • Overriding capture options set by preference by command line arguments (like -S) doesn’t work. Issue 14549.
  • Segfault when enabling monitor mode on the wireless card that falsely claims to support it. Issue 16693.
  • Documented format of the temporary file name is out of date in the Wireshark User’s Guide. Issue 18464.
  • Selection highlight lost when interface list is sorted. Issue 19133.
  • HTTP3 malformed packets. Issue 19475.
  • Capture filter compilation fails with obscure error message. Issue 19480.
  • XML: Parsing encoding attribute failed when standalone attribute exists. Issue 19485.
  • Display filter expressions where the protocol name starts with digit and contains a hyphen are rejected. Issue 19489.
  • diameter.3GPP-* display filters not working after upgrade to version 4.2.0. Issue 19493.
  • GigE-vision: Control Protocol shows \”unknown\” as value for ASCII character set. Issue 19494.
  • The HTTP/3 Request Header URI is not correct. Issue 19497.
  • QUIC/TLS not extracting \”h3\” from ALPN in a capture. Issue 19503.
  • Documentation on system requirements should be updated. Issue 19512.
  • 4.2.0: init.lua in subdirectories not loaded anymore. Issue 19516.
  • Malformed SIP/SDP messages: components are not decoded properly. Issue 19518.
  • heuristic_protos do not reset on profile swap. Issue 19520.
  • Wireshark 4.2 crashes on Apply As Column. Issue 19521.
  • NFLOG timestamp is incorrect. Issue 19525.
  • Qt6 Crash (Double Free) When Attempting to Save TCP Stream Graph. Issue 19529.
  • Fixed parsing display filter expressions containing literal OID values, e.g. snmp.name == 1.3.6.1.2.1.1.3.0.

Updated Feature

  • pcapng: the if_tsoffset option is now supported.

How to Download?

To get the most recent version of Wireshark (Wireshark 4.2.1) from the Wireshark Foundation, you can visit the official download page that you can access here.

For Windows users, recommended to download the version Wireshark 4.2.2.

Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.