The most popular and widely used network protocol analyzer Wireshark released a new version Wireshark 2.6.5, that comes with the fix for a number of security vulnerabilities that could crash Wireshark by injecting a malformed packet or reading malformed packet trace file.
wnpa-sec-2018-51 – The Wireshark dissection engine could crash.
wnpa-sec-2018-52 – The DCOM dissector could crash.
wnpa-sec-2018-53 – The LBMPDM dissector could crash.
wnpa-sec-2018-54 – The MMSE dissector could go into an infinite loop.
wnpa-sec-2018-55 – The IxVeriWave file parser could crash.
wnpa-sec-2018-56 – The PVFS dissector could crash.
All these vulnerabilities could be exploited by the attacker injecting a malformed packet or by reading a malformed packet trace file. These vulnerabilities affected the following Wireshark versions 2.6.0 to 2.6.4, 2.4.0 to 2.4.10, fixed with 2.6.5, 2.4.11 or later.
wnpa-sec-2018-57 – The ZigBee ZCL dissector could crash. Affected version 2.6.0 to 2.6.4, fixed with 2.6.5.
Other Bug Fixes – Wireshark 2.6.5
VoIP Calls dialog doesn’t include RTP stream when preparing a filter.
Wireshark installs on macOS with permissions for /Library/Application Support/Wireshark that are too restrictive.
Closing Enabled Protocols dialog crashes Wireshark.
Unable to Export Objects → HTTP after sorting columns.
DNS Response to NS query shows as a malformed packet.
Encrypted Alerts corresponds to a wrong selection in the packet bytes pane.
Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols enabled.
ESP will not decode since 2.6.2 – works fine in 2.4.6 or 2.4.8.
text2pcap generates malformed packets when TCP, UDP or SCTP headers are added together with IPv6 header.
Wireshark tries to decode EAP-SIM Pseudonym Identity.
Infinite read loop when extcap exits with error and error message.
MATE unable to extract fields for PDU.
Malformed Packet: SV.
OPC UA Max nesting depth exceeded for a valid packet.
TShark 2.6 does not print GeoIP information.
ISUP (ANSI) packets malformed in WS versions later than 2.4.8.
Handover candidate enquires message not decoded.
TShark piping output in a cmd or PowerShell prompt stops working when GeoIP is enabled.
ICMPv6 with routing header incorrectly placed.
IEEE 802.11 Vendor-Specific fixed fields display as malformed packets.
text2pcap -4 and -6 option should require -i as well.
text2pcap direction sensitivity does not affect dummy ethernet addresses.
MLE security suite displays incorrectly.
Message for incorrect IPv4 option lengths is incorrect.
TACACS+ dissector does not properly reassemble large accounting messages.
NLRI of S-PMSI A-D BGP route not being displayed.
Last September, Wireshark issued security patches for three critical vulnerabilities that allow an unauthenticated, remote attacker to crash the vulnerable installations leads to DoS condition.