The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w1.fi wpa supplicant 1.0 |
||
w1.fi wpa supplicant 2.0 |
||
w1.fi wpa supplicant 2.1 |
||
w1.fi wpa supplicant 2.2 |
||
w1.fi wpa supplicant 1.1 |
||
w1.fi wpa supplicant 2.3 |
||
w1.fi wpa supplicant 2.4 |
||
w1.fi hostapd 1.0 |
||
w1.fi hostapd 2.0 |
||
w1.fi hostapd 2.1 |
||
w1.fi hostapd 2.2 |
||
w1.fi hostapd 1.1 |
||
w1.fi hostapd 2.3 |
||
w1.fi hostapd 2.4 |
||
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |