Wireshark 4.0.8 Release: What’s New!

Wireshark released the latest release note for 4.0.8 on its official page regarding bug fixes that have been detected earlier and updated protocol support.

A network protocol analyzer, Wireshark captures packets from a network connection, providing insightful network analysis.

The end of support for 32-bit Windows files has been planned for Wireshark 4.0 and later.

For those who need to use Wireshark on that platform are recommended to use the current 3.6 edition.

Additionally the users who have updated their macOS to macOS 13 from an earlier version may require opening the “Uninstall ChmodBPF” package and running “Install ChmodBPF” to reset the ChmodBPF Launch Daemon for using wireshark.

Bug Fixes:

By Upgrading Wireshark To 4.0.8, 3.6.16 Or Later The Below Bugs Can Be Fixed.

• An Uncontrolled Recursion (CWE-674) in the CBOR dissector has been found by Simone Di Maria in Wireshark 4.0.6 and which let  someone to inject a malformed packet to crash Wireshark.
• The BTSDP dissector could go into an infinite loop. It can make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
• The BTSDP dissector could leak a large memory, which may cause Denial of Service.
• Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7, by default, are susceptible to a divide by zero allowing for a denial of service attack. [CVE-2023-2906] appears to be an instance of [CWE-369].
• TShark cannot capture the pipe on Windows correctly. Issue 17900.

• Wireshark wrongly blames group membership when pcap capabilities are removed. Issue 18279.
• Packet bytes window broken layout. Issue 18326.
• RTP Player only shows waveform until sequence rollover. Issue 18829.
• Valid Ethernet CFM DMM packets are shown as malformed. Issue 19198.
• Crash on DICOM Export Objects window close. Issue 19207.
• The QUIC dissector is reporting the quic_transport_parameters max_ack_delay with the title \”GREASE\” Issue 19209.
• Preferences: Folder name editing behaves weirdly, cursor jumps. Issue 19213.
• DHCPFO: Expert info list does not show all expert infos. Issue 19216.
• Websocket packets not decoded and displayed for Field type=Custom and Field name websocket.payload.text. Issue 19220.
• Cannot read pcapng file captured on OpenBSD and read on FreeBSD. Issue 19230.
• UI: While capturing the Wireshark icon changes from green to blue when a new file is created. Issue 19252.
• Conversation: heap-use-after-free after wmem_leave_file_scope. Issue 19265.
• IP Packets with DSCP 44 does not indicate “Voice-Admit” Issue 19270.
• NAS 5GS Malformed Packet Decoding SOR transparent container PLMN ID and access technology list. Issue 19273.
• UI: Auto scroll button in the toolbar is turned on when manually scrolling to the end of packet list.

There are no new protocols in this release and it updated the protocol support to BT SDP, CBOR, CFM, CP2179, CQL, DHCPFO, DICOM, F1AP, GSM DTAP, IEEE 802.11, IPv4, NAS-5GS, PFCP, PKT CCC, QUIC, RTP, TFTP, WebSocket, and XnAP