Opened 7 months ago
Closed 7 months ago
Last modified 8 weeks ago
New point version.
The following vulnerabilities have been fixed:
wnpa-sec-2021-03 Wireshark could open unsafe URLs. Issue 17232. CVE-2021-22191.
The following bugs have been fixed:
NTP Version 3 Client Decode PDML output issue (Reference ID Issue) Issue 17112.
3.4.2: public wireshark include files are including build time "config.h" Issue 17190.
wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array index ? Issue 17198.
SIP protocol: P-Called-Party-ID header mixed up with P-Charge-Info header Issue 17215.
Asterix CAT010 Decode Error Issue 17226.
_ws.expert columns not populated for IPv4 Issue 17228.
Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue 17233.
gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024) that v3.2.6 succeeds. Issue 17250.
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASTERIX, Frame Relay, GQUIC, NTP, NVMe Fabrics RDMA, S7COMM, and SIP
New and Updated Capture File Support
https://gitlab.com/wireshark/wireshark/-/issues/17232 - This vulnerability was introduced about 17 years ago!
The official classification is "Remote Code Execution". In the case of the Windows PoC, it pops a Java window, but in the case of the two Linux PoCs (pulling the file from WebDav and NFS), it pops an xmessage window.
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2021 Gerard Beekmans.