Wireshark 3.2.7 Released With New Features & Several Bug Fixes

Wireshark, the world's most popular network analyzer, has released version 3.2.7 with new features and fixes for several security vulnerabilities.

Wireshark is an open source packet analyzer used across the network security industry for purposes such as network troubleshooting, packet capture and analysis, and software and communications protocol development, on multiple platforms such as Windows, Linux, OS X and more.

Recently, Wireshark 3.3.0 was released with new protocol support and newly added features. The Wireshark 3.2.7 update contains no new features.

Protocol Support:-

  • Aeron
  • AFP
  • BLIP
  • BSSMAP
  • C12.22
  • DICOM
  • E.212
  • GQUIC
  • GSM A RR
  • GTPv2
  • GVSP
  • IPX SAP
  • MIME Multipart
  • MMS
  • NAS-5GS
  • NCP, NDS
  • PFCP
  • PROFINET
  • Q.708
  • Q.933
  • RTCP
  • S1AP
  • TACACS+
  • TCP
  • TDS
  • TDS7
  • X2AP
  • XML

What's New in Wireshark 3.2.7

With the new release, the Windows installers now ship with Npcap 0.9997 and Qt 5.12.9.

Npcap – the Nmap Project’s packet sniffing (and sending) library for Windows.
Qt – a widget toolkit for creating graphical user interfaces.

Wireshark 3.2.7 Vulnerability Fixes:-

The following security vulnerabilities, fixed in this update, could be exploited by attackers who inject a malformed packet onto the wire or convince someone to read a malformed packet trace file.

CVE-2020-25863 – MIME Multipart dissector crash
CVE-2020-25862 – TCP dissector crash
CVE-2020-25866 – BLIP dissector crash

Other Bugs Fixed:

  • HTTP dissector fails to display correct UTF-16 XML. Bug 9069.
  • TFTP dissector does not track conversations correctly. Source file and Destination File redundant or disagree. Bug 10305.
  • Dissector skips DICOM command. Bug 13110.
  • Editcap time adjustment doesn’t work when both infile and outfile are ERF. Bug 16578.
  • dissect_tds7_colmetadata_token() has wrong return value if count is 0. Bug 16682.
  • “total block length … is too small” for Systemd Journal Export Block. Bug 16734.
  • MNC 11 is showing Mobile Network Code (MNC): NTT DoCoMo Tokai Inc. (11) But its belonging to Rakuten Network. Bug 16755.
  • DICOM object extraction: discrepancy between tshark and wireshark. Bug 16771.
  • S1-U data forwarding info and S103 PDN data forwarding info IE’s showing improper value. Bug 16777.
  • Wireshark crashes while opening a capture. Bug 16780.
  • Changing preferences via Decode As does not call callback. Bug 16787.
  • Decoding of PFCP IE ‘Remote GTP-U Peer’ is incorrect. Bug 16805.
  • Ng-enb not decoded correctly for Target Identification IE for GTPV2. Bug 16822.
  • The client timestamp is parsed error for Google QUIC (version Q039). Bug 16839.
  • NAS-5G : PDU session reactivation result. Bug 16842.
  • Wireshark fails to detect libssh >= 0.9.5. Bug 16845.

You can download the new version here.
