The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wpa_supplicant | W1.fi | 1.0 (including) | 1.0 (including) |
Wpa_supplicant | W1.fi | 1.1 (including) | 1.1 (including) |
Wpa_supplicant | W1.fi | 2.0 (including) | 2.0 (including) |
Wpa_supplicant | W1.fi | 2.1 (including) | 2.1 (including) |
Wpa_supplicant | W1.fi | 2.2 (including) | 2.2 (including) |
Wpa_supplicant | W1.fi | 2.3 (including) | 2.3 (including) |
Wpa_supplicant | W1.fi | 2.4 (including) | 2.4 (including) |
Hostapd | Ubuntu | upstream | * |
Wpa | Ubuntu | devel | * |
Wpa | Ubuntu | trusty | * |
Wpa | Ubuntu | upstream | * |
Wpa | Ubuntu | utopic | * |
Wpa | Ubuntu | vivid | * |
Wpa | Ubuntu | vivid/stable-phone-overlay | * |
Wpa | Ubuntu | vivid/ubuntu-core | * |
Wpasupplicant | Ubuntu | upstream | * |