Wireshark 4.2.5 available for download

The new version fixes three security vulnerabilities and several bugs.

Users analyzing data traffic in networks with Wireshark should update the tool for security reasons. DoS vulnerabilities in the network analysis tool Wireshark have been fixed. In the new version of Wireshark, the developers have fixed three security vulnerabilities and several bugs.

Fixed vulnerabilities

In the according Release Notes the threat level of the vulnerabilities (CVE-2024-4853, CVE-2024-4854, CVE-2024-4855) has not been assessed. The post about the repaired Wireshark version 4.2.5 states that these are DoS vulnerabilities. Attackers can use a crafted file to cause the tool to crash. How this could happen in detail is currently unclear.

In addition, the developers have fixed several bugs. Among other things, errors in SSH decryption in the context of elliptic curves have been fixed.

The following bugs have been fixed:

Flow Graph scrolls in the wrong direction vertically when pressing Up/Down. Issue 12932.

TCP Stream Window Scaling not working in version 2.6.1 and later. Issue 15016.

TCP stream graphs (Window scaling) axis display is confusing. Issue 17425.

LUA get_dissector does not give the correct dissector under 32-bit version. Issue 18367.

Lua: Segfault when registering a field or expert info twice. Issue 19194.

SSH can not decrypt when KEX is curve25519-sha256@libssh.org. Issue 19240.

Wireshark crash related to Lua DissectorTable.heuristic_new() Issue 19603.

MATE fails to extract HTTP2 User-Agent header. Issue 19619.

and some more.

How to get the new version

If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows you will need to download and install Wireshark 4.2.5 or later by hand.

Find the Wireshark version download on UpdateStar here.

The Wireshark source code and installation packages are also available from https://www.wireshark.org/download.html.

about author