14 DAY TRIAL // Wireshark, a network protocol analyzing utility, received a fresh update, to build 1.10.4 that targets a few security vulnerabilities, along with other glitches affecting stability and functionality of the application.
The security bugs eliminated in this revision affected BSSGP and NTLMSSP v2 dissectors and presented the risk of an attacker crashing Wireshark either by injecting a malformed packet into the wire or when a malformed packet trace file would be read.
Another vulnerability could cause SIP dissector to enter into a continuous loop and cause Wireshark to use excessive CPU; this behavior would also be achieved through the above-mentioned vector.
Apart from this, Wireshark 1.10.4 should no longer display a black background with black font in the case of VoIP graph analysis window, and “on-the-wire” packet sizes are now limited to 64KB.
Furthermore, a DTLS (datagram transport layer security) buffer overflow in MAC checking has been eliminated.