The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote malicious users to cause a denial of service (crash) via a crafted message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w1.fi wpa supplicant 2.0 |
||
w1.fi wpa supplicant 2.1 |
||
w1.fi wpa supplicant 2.2 |
||
w1.fi wpa supplicant 2.3 |
||
w1.fi wpa supplicant 1.1 |
||
w1.fi wpa supplicant 1.0 |
||
w1.fi wpa supplicant 2.4 |
||
w1.fi hostapd 2.1 |
||
w1.fi hostapd 2.2 |
||
w1.fi hostapd 1.1 |
||
w1.fi hostapd 1.0 |
||
w1.fi hostapd 2.0 |
||
w1.fi hostapd 2.3 |
||
w1.fi hostapd 2.4 |
||
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |