The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not validate a fragment is already being processed, which allows remote malicious users to cause a denial of service (memory leak) via a crafted message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w1.fi hostapd 2.2 |
||
w1.fi hostapd 2.3 |
||
w1.fi hostapd 2.4 |
||
w1.fi hostapd 2.0 |
||
w1.fi hostapd 2.1 |
||
w1.fi hostapd 1.1 |
||
w1.fi hostapd 1.0 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |
||
w1.fi wpa supplicant 2.0 |
||
w1.fi wpa supplicant 2.1 |
||
w1.fi wpa supplicant 2.2 |
||
w1.fi wpa supplicant 2.3 |
||
w1.fi wpa supplicant 1.1 |
||
w1.fi wpa supplicant 1.0 |
||
w1.fi wpa supplicant 2.4 |