Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2010-1159

Published: 28/10/2013 Updated: 29/10/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Aircrack-ng

Vulnerability Summary

Multiple heap-based buffer overflows in Aircrack-ng prior to 1.1 allow remote malicious users to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

aircrack-ng aircrack-ng

aircrack-ng aircrack-ng 1.0

aircrack-ng aircrack-ng 0.5

aircrack-ng aircrack-ng 0.4.4

aircrack-ng aircrack-ng 0.4.3

aircrack-ng aircrack-ng 0.4.2

aircrack-ng aircrack-ng 0.9.2

aircrack-ng aircrack-ng 0.9.1

aircrack-ng aircrack-ng 0.9

aircrack-ng aircrack-ng 0.8

aircrack-ng aircrack-ng 0.2

aircrack-ng aircrack-ng 0.1

gentoo linux

aircrack-ng aircrack-ng 0.6.2

aircrack-ng aircrack-ng 0.6

aircrack-ng aircrack-ng 0.4.1

aircrack-ng aircrack-ng 0.3

aircrack-ng aircrack-ng 0.9.3

aircrack-ng aircrack-ng 0.7

aircrack-ng aircrack-ng 0.6.1

aircrack-ng aircrack-ng 0.4

aircrack-ng aircrack-ng 0.2.1

Exploits

Exploit DB: Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC)
#!/usr/bin/env python # -*- coding: UTF-8 -*- ''' A remote-exploit against the aircrack-ng tools Tested up to svn r1675 The tools' code responsible for parsing IEEE80211-packets assumes the self-proclaimed length of a EAPOL-packet to be correct and never to exceed a (arbitrary) maximum size of 256 bytes for packets that are par ...

References

CWE-119http://svn.aircrack-ng.org/trunk/ChangeLoghttp://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.pyhttp://secunia.com/advisories/55053http://secunia.com/advisories/39150http://security.gentoo.org/glsa/glsa-201310-06.xmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/12217/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook