DSA-4450-1 wpa -- wpaID: oval:org.secpod.oval:def:603929 | Date: (C)2019-06-21 (M)2023-12-20 |
Class: PATCH | Family: unix |
A vulnerability was found in the WPA protocol implementation found in wpa_supplication and hostapd . The EAP-pwd implementation in hostapd and wpa_supplicant doesn"t properly validate fragmentation reassembly state when receiving an unexpected fragment. This could lead to a process crash due to a NULL pointer derefrence. An attacker in radio range of a station or access point with EAP-pwd support could cause a crash of the relevant process , ensuring a denial of service.
Product: |
hostapd |
wpagui |
wpasupplicant |