CVE-2019-11555
Published: 26 April 2019
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
Priority
Status
Package | Release | Status |
---|---|---|
wpa Launchpad, Ubuntu, Debian |
upstream |
Released
(2:2.7+git20190128+0c1e29f-5)
|
xenial |
Released
(2.4-0ubuntu6.5)
|
|
bionic |
Released
(2:2.6-15ubuntu2.3)
|
|
cosmic |
Released
(2:2.6-18ubuntu1.2)
|
|
disco |
Released
(2:2.6-21ubuntu3.1)
|
|
Patches: upstream: https://w1.fi/security/2019-5/ |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555
- https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
- http://www.openwall.com/lists/oss-security/2019/04/26/1
- https://www.openwall.com/lists/oss-security/2019/04/18/6
- https://ubuntu.com/security/notices/USN-3969-1
- https://ubuntu.com/security/notices/USN-3969-2
- NVD
- Launchpad
- Debian