CVE-2019-11555
Published: Apr 26, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2019/04/18/6 | x_refsource_MISC |
| https://w1.fi/security/2019-5/ | x_refsource_MISC |
| [oss-security] 20190426 Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment | mailing-list, x_refsource_MLIST |
| USN-3969-1 | vendor-advisory, x_refsource_UBUNTU |
| USN-3969-2 | vendor-advisory, x_refsource_UBUNTU |
| FEDORA-2019-ff1b728d09 | vendor-advisory, x_refsource_FEDORA |
| FreeBSD-SA-19:03 | vendor-advisory, x_refsource_FREEBSD |
| 20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa | mailing-list, x_refsource_BUGTRAQ |
| DSA-4450 | vendor-advisory, x_refsource_DEBIAN |
| 20190527 [SECURITY] [DSA 4450-1] wpa security update | mailing-list, x_refsource_BUGTRAQ |
| FEDORA-2019-28d3ca93d2 | vendor-advisory, x_refsource_FEDORA |
| [debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update | mailing-list, x_refsource_MLIST |
| FEDORA-2019-d6bc3771a4 | vendor-advisory, x_refsource_FEDORA |
| GLSA-201908-25 | vendor-advisory, x_refsource_GENTOO |