Wireshark, the premier network protocol analyzer, has released version 4.6.4, a critical maintenance update that addresses multiple security vulnerabilities and enhances overall stability and performance.
Security Vulnerabilities Addressed
This update resolves three significant security issues that could potentially expose users to Denial-of-Service (DoS) attacks through specific protocol dissectors.
1. USB HID Dissector Memory Exhaustion: Malformed USB HID packets could previously lead to excessive memory usage, resulting in crashes or system instability.
2. NTS-KE Dissector Crash: Certain Network Time Security Key Establishment (NTS-KE) traffic patterns had the potential to cause the analyzer to crash.
3. RF4CE Profile Dissector Crash: Stability issues were identified and fixed to prevent crashes when analyzing RF4CE (Radio Frequency for Consumer Electronics) traffic.
Key Bug Fixes and Performance Enhancements
Beyond the security patches, Wireshark 4.6.4 introduces several important stability fixes:
– Expert Info Performance Improvement: A notable performance issue within the Expert Info feature has been addressed. Previously, this feature experienced quadratic performance degradation, becoming significantly slower as the volume of data increased.
– TShark Stability: Fixed segmentation faults in TShark and editcap when the output format was set to BLF.
– Capture File Integrity: Corrected Wiretap’s writing of invalid PCAPNG Darwin option blocks and custom string options.
– Dissector Corrections: Resolved TDS desynchronization and fixed RDM status decoding in the Art-Net PollReply dissector.
– Fuzzing Crashes: Fixed a crash discovered during Zigbee Direct Tunneling fuzz testing.
Protocol Support Updates
While no new protocols were introduced in this release, support for a wide array of existing protocols has been updated to ensure accurate decoding. Updated protocols include Art-Net, BGP, IEEE 802.11, IPv6, MySQL, NAS-5GS, and Socks. Capture file support has also been improved for BLF and pcapng formats.
Recommendations for Users
Users are strongly advised to update to Wireshark 4.6.4 immediately to ensure their analysis environment remains secure and stable. The latest version can be downloaded directly from the Wireshark Foundation’s official website.
About Wireshark
Wireshark is the world’s foremost network protocol analyzer, used by network administrators, security analysts, and developers for troubleshooting, analysis, and education. Its open-source nature and comprehensive feature set make it an indispensable tool in the field of network analysis.
Conclusion
The release of Wireshark 4.6.4 underscores the project’s commitment to security and performance. By addressing critical vulnerabilities and enhancing stability, this update ensures that Wireshark continues to be a reliable tool for network analysis.
Twitter Post
Wireshark 4.6.4 is out now! This update fixes critical security vulnerabilities and enhances performance. Update today to keep your network analysis secure and efficient. #Wireshark #CyberSecurity #NetworkAnalysis
Focus Key Phrase
Wireshark 4.6.4 release
Article X Post:
Hashtags:
Article Key Phrase:
Category: Security News