Описание
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:2.6-15ubuntu2.3 |
| cosmic | released | 2:2.6-18ubuntu1.2 |
| devel | released | 2:2.6-21ubuntu4 |
| disco | released | 2:2.6-21ubuntu3.1 |
| esm-infra-legacy/trusty | released | 2.1-0ubuntu1.7+esm1 |
| esm-infra/bionic | released | 2:2.6-15ubuntu2.3 |
| esm-infra/xenial | released | 2.4-0ubuntu6.5 |
| precise/esm | DNE | |
| trusty/esm | released | 2.1-0ubuntu1.7+esm1 |
| upstream | released | 2:2.7+git20190128+0c1e29f-5 |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_ ...
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
Уязвимость функции wpa_supplicant сервера EAP hostapd, позволяющая нарушителю вызвать отказ в обслуживании
4.3 Medium
CVSS2
5.9 Medium
CVSS3