Wireshark 4.4.2: Fixes Vulnerabilities & Enhances Protocol Support

The Wireshark Foundation has announced the release of Wireshark 4.4.2, the latest version of its widely-used network protocol analyzer.

This update brings many improvements, including critical bug fixes and enhanced protocol support, further solidifying Wireshark’s position as an essential tool for network troubleshooting, analysis, development, and education.

Key Vulnerabilities Fixed

Wireshark 4.4.2 addresses several significant vulnerabilities that could impact network security and stability. Among the fixed issues are:

• FiveCo RAP Dissector Infinite Loop: Identified as wnpa-sec-2024-14, this vulnerability involved an infinite loop in the FiveCo RAP dissector, which could potentially lead to application hang-ups during packet analysis.
• ECMP Dissector Crash: Labeled as wnpa-sec-2024-15, this issue caused crashes in the ECMP dissector, affecting the reliability of network analysis when handling specific packet types.

These fixes are crucial for maintaining the integrity and performance of network analysis tasks conducted using Wireshark.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

In addition to vulnerability patches, Wireshark 4.4.2 resolves numerous bugs that enhance its functionality and user experience:

• CIP I/O Detection: A bug that prevented CIP I/O from being detected by the “enip” filter has been corrected, improving the accuracy of protocol filtering.
• PTP Analysis: The update fixes issues with PTP analysis where message associations were lost due to sequence number resets, ensuring more reliable time synchronization analysis.
• USB CCID Malformed Packets: A problem with USB CCID response packets being flagged as malformed when the SetParameters command was unsupported has been addressed.

These fixes provide a more stable and efficient environment for users conducting detailed network investigations.

Wireshark 4.4.2 also introduces updates to its protocol support capabilities, ensuring compatibility with a wider range of network technologies:

• Updated Protocols: The release includes improvements for protocols such as ARTNET, BACapp, HTTP/2, SIP, and TCP among others. These updates help users analyze a broader spectrum of network traffic accurately.
• Improved Display Filters: Enhancements in display filter handling now allow for better floating-point conversion error management and support for comma-separated ranges in different locales.

The release includes several user interface improvements aimed at streamlining workflow:

• TShark Syntax Update: The syntax for dumping fields with specific prefixes has been updated for clarity and ease of use.
• Custom Columns and Output Fields: Users can now define custom columns using valid field expressions, offering greater flexibility in data presentation.

Wireshark 4.4.2 is available for download from the official Wireshark website. Users are encouraged to upgrade to this latest version to benefit from these enhancements and ensure their network analysis tasks are performed with the highest level of security and efficiency.

Earlier this October, Wireshark 4.4.1 was released with fix for key vulnerabilities that could potentially disrupt network analysis activities. Notably, it fixes issues such as the ITS dissector crash (wnpa-sec-2024-12) and crashes related to AppleTalk and RELOAD Framing dissectors (wnpa-sec-2024-13).

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free