A vulnerability was found in the WPA protocol implementation found in wpa_supplication and hostapd . The EAP-pwd implementation in hostapd and wpa_supplicant doesn"t properly validate fragmentation reassembly state when receiving an unexpected fragment. This could lead to a process crash due to a NULL pointer derefrence. An attacker in radio range of a station or access point with EAP-pwd support could cause a crash of the relevant process , ensuring a denial of service.