nmap-7.98

[Bruce Dubbs]

New minor version.

[Bruce Dubbs]

#Nmap Changelog 2025-08-07

• Updated liblua to 5.4.8

• Fixed an issue in FTP bounce scan where a single null byte is written past the end of the receive buffer. The issue is triggered by a malicious server but does not cause a crash with default builds.

• [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the parallel DNS resolver. Additionally, improved performance by processing responses that come after the request has timed out.

• [GH#2757] Fix a crash in traceroute when using randomly-generated decoys: "Assertion `source->ss_family == AF_INET' failed"

• [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers that are registered as Extension Header values. When the --data option was used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)"

• [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == 1' failed." when reading from an SSL connection.

• [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per hostgroup, which led to progressively slower scans and assertion failures in other scan phases.

• [NSE] Added NSE bindings for more libssh2 functions: channel_request, channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive. ssh-brute will new use keyboard-interactive auth if password auth is not offered.

• Fix a bug that was causing Nmap to send empty DNS packets for each target that was not found up instead of just skipping them for reverse DNS.

• [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since Nmap 7.96.

• [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including post-quantum ciphersuites.

• [GH#3114][Windows] Use only the DNS servers for up and configured interfaces for forward and reverse DNS lookups. When -e or -S are used, use only DNS servers that can be connected via that interface or source address.

• [Ndiff][GH#3115] Have configure script check for PyPA 'build' module.

• [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover latest strings.

• [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being installed.

• [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file" when Nmap crashes or fails.

• [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata and UmitConfigParser.

• [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID was not prefixed with "urn:".

[Bruce Dubbs]

Fixed at commits

356db9271e Update to nmap-7.98.
9cab8dd939 Update to nano-8.6.