In the world of network packet analysis, Wireshark has become an essential tool for IT professionals and security researchers. Developed by Gerald Combs in 1997 under the name “Ethreal,” Wireshark is an open-source software program that allows users to analyze network packets in real-time. It has a myriad of uses, including troubleshooting network issues, detecting security vulnerabilities, monitoring network activity, and troubleshooting protocol implementations.
Today, Wireshark is one of the most popular network analysis tools available, with millions of users worldwide. Its popularity stems from its availability as a free and open-source software that functions across multiple platforms, including Windows, macOS, and Linux.
The latest version of Wireshark, version 4.0.6, was recently released, and with it came several important updates and fixes. According to the release notes, version 4.0.6 fixed nine vulnerabilities that existed in the previous version of the software. These include:
– CVE-2023-2857: A heap buffer overflow vulnerability in the BLF reader functionality. This could be exploited by sending a maliciously crafted BLF file that affects the blf_pull_logcontainer_into_memory() function and could result in arbitrary code execution.
– CVE-2023-2858: A heap buffer overflow vulnerability in the nstrace_read_v10 functionality. This could be exploited by sending a malicious packet file that executes arbitrary code or results in a DoS attack that crashes the application.
– CVE-2023-2856: A stack buffer overflow vulnerability in the parse_vms_packet functionality. This could be exploited by sending a malicious file to Wireshark that is read by the parse_vms_packet function and results in the crash of Wireshark or arbitrary code execution.
– CVE-2023-2854: A heap buffer overflow vulnerability in the blf_read_apptextmessage functionality. This existed in the Wireshark BLF plugin and could be exploited by sending a crafted string resulting in arbitrary code execution.
– RTPS vulnerability: In the Wireshark version 4.0.5 and earlier, the RTPS (Real-Time Publish-Subscribe) packet did not validate the length in the rtps_util_add_type_library_type, enabling attackers to send a large file to this function, resulting in a heap buffer overflow vulnerability and arbitrary code execution.
– Global buffer conf_phasor_type: This buffer had an out-of-bounds read capability that did not validate the length of the IEEE-C37.118 packet sent by an attacker, resulting in a heap-based buffer overflow and arbitrary code execution.
– Several other bugs were also fixed in the recent release.
In addition to these vulnerability fixes, the Wireshark team also added support for several new protocols. The protocols added in the latest version of Wireshark include batadv, BFCP, CommunityID, COSE, GDSDB, H.265, HTTP, ILP, ISAKMP, MSMMS, NNTP, NR RRC, NTLMSSP, QUIC, RTPS, SPNEGO, Synphasor, TCP, UDS, ULP, USB HID, and XRA.
One thing to note is that the official 32-bit Windows packages are no longer shipped with Wireshark 4.0.6. Users who wish to use Wireshark in 32-bit Windows are recommended to go with the latest 3.6 release.
Overall, the latest version of Wireshark offers several important updates and fixes that help bolster the security and functionality of the software. With its continued popularity and widespread use, Wireshark remains a vital tool for IT professionals and security researchers. For more information on the release, users can visit the Wireshark 4.0.6 release notes page.