CVE-2012-4445

Published: 10 October 2012

Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.

Priority

Medium

Status

Package   Release    Status
hostapd   hardy      Ignored (reached end-of-life)
hostapd   lucid      Ignored (reached end-of-life)
hostapd   natty      Released (0.6.10-2+squeeze1build0.11.04.1)
hostapd   oneiric    Ignored (reached end-of-life)
hostapd   precise    Released (1:0.7.3-4ubuntu1.1)
hostapd   quantal    Does not exist
hostapd   raring     Does not exist
hostapd   saucy      Does not exist
hostapd   trusty     Does not exist
hostapd   upstream   Needs triage
hostapd   utopic     Does not exist

wpa       hardy      Does not exist
wpa       lucid      Does not exist
wpa       natty      Does not exist
wpa       oneiric    Does not exist
wpa       precise    Does not exist
wpa       quantal    Ignored (reached end-of-life)
wpa       raring     Not vulnerable (1.0-3ubuntu1)
wpa       saucy      Not vulnerable (1.0-3ubuntu1)
wpa       trusty     Not vulnerable (1.0-3ubuntu1)
wpa       upstream   Released (1.0-3)
wpa       utopic     Not vulnerable (1.0-3ubuntu1)