CVE-2019-17133

Опубликовано: 04 окт. 2019

Источник: redhat

CVSS3: 8

EPSS Низкий

Описание

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2020:0790	11.03.2020
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2020:0375	04.02.2020
Red Hat Enterprise Linux 7	kernel-alt	Fixed	RHSA-2020:0174	21.01.2020
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2020:0374	04.02.2020
Red Hat Enterprise Linux 7.2 Advanced Update Support	kernel	Fixed	RHSA-2020:0661	03.03.2020
Red Hat Enterprise Linux 7.3 Advanced Update Support	kernel	Fixed	RHSA-2020:0653	03.03.2020
Red Hat Enterprise Linux 7.3 Telco Extended Update Support	kernel	Fixed	RHSA-2020:0653	03.03.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=1771909kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c

EPSS

Процентиль: 81%

0.01678

Низкий

8 High

CVSS3

Связанные уязвимости

CVE-2019-17133

CVSS3: 9.8

ubuntu

почти 6 лет назад

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

CVE-2019-17133

CVSS3: 9.8

nvd

почти 6 лет назад

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

CVE-2019-17133

CVSS3: 9.8

debian

почти 6 лет назад

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...

GHSA-4v38-w5qx-qhmh

CVSS3: 9.8

github

около 3 лет назад

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

BDU:2020-00078

CVSS3: 9.8

fstec

почти 6 лет назад

Уязвимость функции cfg80211_mgd_wext_giwessid (net/wireless/wext-sme.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 81%

0.01678

Низкий

8 High

CVSS3