Published: 31/01/2020 Updated: 05/02/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng prior to 1.2 RC 1 allows remote malicious users to execute arbitrary code via a crafted length parameter value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aircrack-ng aircrack-ng
aircrack-ng aircrack-ng 1.2

Debian Bug report logs - #767979 aircrack-ng: CVE-2014-8321 CVE-2014-8322 CVE-2014-8323 CVE-2014-8324 Package: aircrack-ng; Maintainer for aircrack-ng is Debian Security Tools <team+pkg-security@trackerdebianorg>; Source for aircrack-ng is src:aircrack-ng (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@d ...

/* * Exploit Title: Aireplay "tcp_test" Length Parameter Inconsistency * Date: 10/3/2014 * Exploit Author: Nick Sampanis * Vendor Homepage: wwwaircrack-ngorg/ * Version: Aireplay-ng 12 beta3 * Tested on: Kali Linux 109 x64 * CVE : CVE-2014-8322 * Description: Affected option "aireplay-ng --test" */ #include <stdioh> #in ...

CWE-787 https://github.com/aircrack-ng/aircrack-ng/pull/14 https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98459 http://www.exploit-db.com/exploits/35018 http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767979 https://nvd.nist.gov https://www.exploit-db.com/exploits/35018/

CVE-2014-8322

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect