Wireshark 4.4.10 Release Notes

RDM Product Detail List ID Disect incorrect. Issue 20612.

SCCP LUDT segmentation decoding fails. Issue 20647.

Ciscodump fails to start capture on Cisco IOS. Issue 20655.

[BACnet] WritePropertyMultiple closing context tag 1 not showing. Issue 20665.

Bug in LZ77 decoder; reads a 16-bit length when it should read a 32-bit length. Issue 20671.

Renegotiated DTLS session is not being decrypted. Issue 20362.

Wireshark is completely stuck in initialization because androiddump recv() is blocked. Issue 20526.

Fuzz job UTF-8 encoding issue: fuzz-2025-06-20-7318.pcap. Issue 20585.

Crash when showing packet in new window after reloading Lua plugins with a certain gui.column.format preference. Issue 20588.

Bug in UDS dissector with Service ReadDataByPeriodicIdentifier Response. Issue 20589.

Packet diagram doesn’t show non-standard field value representations. Issue 20590.

Packet diagram shows representation twice when field type is FT_NONE. Issue 20601.

application/x-www-form-urlencoded key parsed incorrectly following a name-value byte sequence with no '=' Issue 20615.

DNP3 time stamp was unable to work after epoch time(year 2038) Issue 20618.

wnpa-sec-2025-02 Dissection engine crash. Issue 20509. CVE-2025-5601.

Wireshark does not correctly decode LIN "go to sleep" in TECMP and CMP. Issue 20463.

Dissector bug, Protocol CIGI. Issue 20496.

Green power packets are not dissected when proto_version == ZBEE_VERSION_GREEN_POWER. Issue 20497.

Packet diagrams misalign or drop bitfields. Issue 20507.

Corruption when setting heuristic dissector table UI name from Lua. Issue 20523.

LDAP dissector incorrectly displays filters with singleton "&" Issue 20527.

WebSocket per-message compression extentions: fail to decompress server messages (from the 2nd) due to parameter handling. Issue 20531.

The LL_PERIODIC_SYNC_WR_IND packet is not properly dissected (packet-btle.c) Issue 20554.

Bug in EtherCAT dissector with ECS order. Issue 13718.

Conversation dialog columns return to default width on each new packet in live capture. Issue 15978.

Tests fail in LTO-enabled builds in Ubuntu/Debian. Issue 18216.

Incorrect conditions in BFCP dissector. Issue 18717.

Static build fails on Ubuntu 24.04 because the c-ares library isn’t found. Issue 20343.

Flutter’s Image Picker Generated JPEG Files Detected as Malformed Packet. Issue 20355.

QUIC dissector breaks when src and dst change. Issue 20371.

s390x: build fail on Ubuntu PPA nighty build. Issue 20372.

Trailing octet after IPv4 packet end is not detected or displayed in raw bytes. Issue 20423.

[packet-ax25-nol3.c] Only call APRS dissector on UI Frames. Issue 20429.

Wireshark hangs when refreshing interfaces with the debug console preference set to "always" and a file open (Windows) Issue 20434.

BGP EVPN - Type-8 route not correctly read after addition of Max. Response Time field. Issue 20459.

Wireshark does not correctly decode LIN "go to sleep" in TECMP and CMP. Issue 20463.

MQTT-SN: WILLTOPIC message not decoded correctly (missing some flags) Issue 20476.

GRPC: protobuf_json only displays the truncated string value. Issue 20392.

Wireshark crashes when clicking on a column title/header. Issue 20403.

wnpa-sec-2025-01 Bundle Protocol and CBOR dissector {crash,infinite loop,memory leak}. Issue 20373.

Crash when sorting columns during capture with display filter active. Issue 20263.

OSS-Fuzz 384757274: Invalid-bool-value in dissect_tcp. Issue 20300.

Test failure in 4.4.2/4.4.3: test_sharkd_req_follow_http2. Issue 20330.

Regression in extcap interface toolbar. Issue 20354.

Clicking outside columns in TCP tab of Statistics → Conversations window causes crash. Issue 20357.

FTBFS with Ubuntu development (25.04) release. Issue 20359.

DNS enable_qname_stats crash Wireshark when QDCOUNT == 0. Issue 20367.

Windows: Android extcap plugin fails with "Broken socket connection" if there are no new packets for 2sec. Issue 20386.

TECMP: Calculation of lifecycle start in Status message is wrong. Issue 20387.

MQTT v5.0 properties total length presentation is incorrect. Issue 20389.

TShark doesn’t resolve addresses in custom "hosts" files. Issue 20391.

Incorrect JA4 fingerprint with empty ciphers. Issue 20394.

Potential mis-match in GSM MAP dissector for uncertainty radius and its filter key. Issue 20247.

Macro eNodeB ID and Extended Macro eNodeB ID not decoded by User Location Information. Issue 20276.

The NFSv2 Dissector appears to be swapping Character Special File and Directory in mode decoding. Issue 20290.

CMake discovers Strawberry Perl’s zlib DLL when it shouldn’t. Issue 20304.

VOIP Calls call flow displaying hours. Issue 20311.

Fuzz job issue: fuzz-2024-12-26-7898.pcap. Issue 20313.

sFlow: Incorrect length passed to header sample dissector. Issue 20320.

wsutil: Should link against -lm due to missing fabs() when built with -fno-builtin. Issue 20326.

wnpa-sec-2024-14 FiveCo RAP dissector infinite loop. Issue 20176.

wnpa-sec-2024-15 ECMP dissector crash. Issue 20214.

CIP I/O is not detected by "enip" filter anymore. Issue 19517.

Fuzz job issue: fuzz-2024-09-03-7550.pcap. Issue 20041.

OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in DOFObjectID_Create_Unmarshal. Issue 20065.

JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000. Issue 20066.

Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring. Issue 20082.

PTP analysis loses track of message associations in case of sequence number resets. Issue 20099.

USB CCID: response packet in case SetParameters command is unsupported is flagged as malformed. Issue 20107.

dumpcap crashes when run from TShark with a capture filter. Issue 20108.

SRT dissector: The StreamID (SID) in the handshake extension is displayed without regarding the control characters and with NUL as terminating. Issue 20113.

Ghost error message on POP3 packets. Issue 20124.

Building against c-ares 1.34 fails. Issue 20125.

D-Bus is not optional anymore. Issue 20126.

macOS Intel DMGs aren’t fully notarized. Issue 20129.

Incorrect name for MLD Capabilities and Operations Present flag in dissection of MLD Capabilities for MLO wifi-7 capture. Issue 20134.

CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet] Issue 20142.

Wi-Fi: 256 Block Ack (BA) is not parsed properly. Issue 20156.

BACnet ReadPropertyMultiple request Maximum allowed recursion depth reached. Issue 20159.

Statistics→I/O Graph crashes when using simple moving average. Issue 20163.

HTTP2 body decompression fails on DATA with a single padded frame. Issue 20167.

Compiler warning for ui/tap-rtp-common.c (ignoring return value) Issue 20169.

SIP dissector bug due to "be-route" param in VIA header. Issue 20173.

Coredump after trying to open 'Follow TCP stream' Issue 20174.

Protobuf JSON mapping error. Issue 20182.

Display filter "!stp.pvst.origvlan in { vlan.id }" causes a crash (Version 4.4.1) Issue 20183.

Extcap plugins shipped with Wireshark Portable are not found in version 4.4.1. Issue 20184.

IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame. Issue 20187.

Wireshark 4.4.1 does not decode RTCP packets. Issue 20188.

Qt: Display filter sub-menu can only be opened on the triangle, not the full name. Issue 20190.

Qt: Changing the display filter does not update the Conversations or Endpoints dialogs. Issue 20191.

MODBUS Dissector bug. Issue 20192.

Modbus dissector bug - Field Occurence and Layer Operator modbus.bitval field. Issue 20193.

Wireshark crashes when a field is dragged from packet details towards the find input. Issue 20204.

Lua DissectorTable("") : set ("10,11") unexpected behavior in locales with comma as decimal separator. Issue 20216.

wnpa-sec-2024-12 ITS dissector crash.