Wireshark 4.2.1 Release Notes What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. Wireshark is hosted by the Wireshark Foundation, a nonprofit which promotes protocol analysis educaton. Wireshark and the foundation depend on your contributions in order to do their work. If you or your employer would like to contribute or become a sponsor, please visit wiresharkfoundation.org[1]. What’s New Bug Fixes The following vulnerabilities have been fixed: • wnpa-sec-2024-01[2] GVCP dissector crash. Issue 19496[3]. CVE-2024-0208[4]. • wnpa-sec-2024-02[5] IEEE 1609.2 dissector crash. Issue 19501[6]. CVE-2024-0209[7]. • wnpa-sec-2024-03[8] HTTP3 dissector crash. Issue 19502[9]. CVE-2024-0207[10]. • wnpa-sec-2024-04[11] Zigbee TLV dissector crash. Issue 19504[12]. CVE-2024-0210[13]. • wnpa-sec-2024-05[14] DOCSIS dissector crash. Issue 19557[15]. CVE-2024-0211[16]. The following bugs have been fixed: • Capture filters not saved to recently used list. Issue 12918[17]. • CFM dissector does not handle Sender ID TLV correctly when Chassis ID Length is zero. Issue 13720[18]. • OSS-Fuzz 64290: wireshark:fuzzshark_ip: Global-buffer-overflow in dissect_zcl_read_attr_struct. Issue 19490[19]. • Overriding capture options set by preference by command line arguments (like -S) doesn’t work. Issue 14549[20]. • Segfault when enabling monitor mode on wireless card that falsely claims to support it. Issue 16693[21]. • Documented format of temporary file name is out of date in the Wireshark User’s Guide. Issue 18464[22]. • Selection highlight lost when interface list is sorted. Issue 19133[23]. • HTTP3 malformed packets. Issue 19475[24]. • Capture filter compilation fails with obscure error message. Issue 19480[25]. • XML: Parsing encoding attribute failed when standalone attribute exists. Issue 19485[26]. • Display filter expressions where the protocol name starts with digit and contains a hyphen are rejected. Issue 19489[27]. • diameter.3GPP-* display filters not working after upgrade to version 4.2.0. Issue 19493[28]. • GigE-vision: Control Protocol shows \"unknown\" as value for ASCII character set. Issue 19494[29]. • The HTTP/3 Request Header URI is not correct. Issue 19497[30]. • QUIC/TLS not extracting \"h3\" from ALPN in a capture. Issue 19503[31]. • Documentation on system requirements should be updated. Issue 19512[32]. • 4.2.0: init.lua in subdirectories not loaded anymore. Issue 19516[33]. • Malformed SIP/SDP messages: components are not decoded properly. Issue 19518[34]. • heuristic_protos do not reset on profile swap. Issue 19520[35]. • Wireshark 4.2 crashes on Apply As Column. Issue 19521[36]. • NFLOG timestamp is incorrect. Issue 19525[37]. • Qt6 Crash (Double Free) When Attempting to Save TCP Stream Graph. Issue 19529[38]. • Fixed parsing display filter expressions containing literal OID values, e.g. `snmp.name == 1.3.6.1.2.1.1.3.0`. New and Updated Features There are no new or updated features in this release. New Protocol Support There are no new protocols in this release. Updated Protocol Support New and Updated Capture File Support There is no new or updated capture file support in this release. pcapng: the if_tsoffset option is now supported. Prior Versions This document only describes the changes introduced in Wireshark 4.2.1. You can find release notes for prior versions at the following locations: • Wireshark 4.2.0[39] Getting Wireshark Wireshark source code and installation packages are available from https://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page[40] on the Wireshark web site. File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use "Help › About Wireshark › Folders" or `tshark -G folders` to find the default locations on your system. Getting Help The User’s Guide, manual pages and various other documentation can be found at https://www.wireshark.org/docs/ Community support is available on Wireshark’s Q&A site[41] and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site[42]. Bugs and feature requests can be reported on the issue tracker[43]. You can learn protocol analysis and meet Wireshark’s developers at SharkFest[44]. How You Can Help The Wireshark Foundation helps as many people as possible understand their networks as much as possible. You can find out more and donate at wiresharkfoundation.org[45]. Frequently Asked Questions A complete FAQ is available on the Wireshark web site[46]. References 1. https://wiresharkfoundation.org 2. https://www.wireshark.org/security/wnpa-sec-2024-01 3. https://gitlab.com/wireshark/wireshark/-/issues/19496 4. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0208 5. https://www.wireshark.org/security/wnpa-sec-2024-02 6. https://gitlab.com/wireshark/wireshark/-/issues/19501 7. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0209 8. https://www.wireshark.org/security/wnpa-sec-2024-03 9. https://gitlab.com/wireshark/wireshark/-/issues/19502 10. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0207 11. https://www.wireshark.org/security/wnpa-sec-2024-04 12. https://gitlab.com/wireshark/wireshark/-/issues/19504 13. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0210 14. https://www.wireshark.org/security/wnpa-sec-2024-05 15. https://gitlab.com/wireshark/wireshark/-/issues/19557 16. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0211 17. https://gitlab.com/wireshark/wireshark/-/issues/12918 18. https://gitlab.com/wireshark/wireshark/-/issues/13720 19. https://gitlab.com/wireshark/wireshark/-/issues/19490 20. https://gitlab.com/wireshark/wireshark/-/issues/14549 21. https://gitlab.com/wireshark/wireshark/-/issues/16693 22. https://gitlab.com/wireshark/wireshark/-/issues/18464 23. https://gitlab.com/wireshark/wireshark/-/issues/19133 24. https://gitlab.com/wireshark/wireshark/-/issues/19475 25. https://gitlab.com/wireshark/wireshark/-/issues/19480 26. https://gitlab.com/wireshark/wireshark/-/issues/19485 27. https://gitlab.com/wireshark/wireshark/-/issues/19489 28. https://gitlab.com/wireshark/wireshark/-/issues/19493 29. https://gitlab.com/wireshark/wireshark/-/issues/19494 30. https://gitlab.com/wireshark/wireshark/-/issues/19497 31. https://gitlab.com/wireshark/wireshark/-/issues/19503 32. https://gitlab.com/wireshark/wireshark/-/issues/19512 33. https://gitlab.com/wireshark/wireshark/-/issues/19516 34. https://gitlab.com/wireshark/wireshark/-/issues/19518 35. https://gitlab.com/wireshark/wireshark/-/issues/19520 36. https://gitlab.com/wireshark/wireshark/-/issues/19521 37. https://gitlab.com/wireshark/wireshark/-/issues/19525 38. https://gitlab.com/wireshark/wireshark/-/issues/19529 39. https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html 40. https://www.wireshark.org/download.html 41. https://ask.wireshark.org/ 42. https://www.wireshark.org/lists/ 43. https://gitlab.com/wireshark/wireshark/-/issues 44. https://sharkfest.wireshark.org 45. https://wiresharkfoundation.org 46. https://www.wireshark.org/faq.html