Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 678
    • Issues 678
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 155
    • Merge Requests 155
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #10411

Closed
Open
Opened May 07, 2019 by Alicha CH@alichaReporter

[3.8] hostapd: EAP-pwd message reassembly issue with unexpected fragment (CVE-2019-11555)

The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate
fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in
process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.

References:

https://www.openwall.com/lists/oss-security/2019/04/26/1
https://w1.fi/security/2019-5/
https://nvd.nist.gov/vuln/detail/CVE-2019-11555

(from redmine: issue id 10411, created on 2019-05-07, closed on 2019-06-20)

  • Relations:
    • parent #10408 (closed)
  • Changesets:
    • Revision 41b28e3b on 2019-06-05T08:24:24Z:
main/hostapd: security fix (CVE-2019-11555)

Fixes #10411
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.8.5
Milestone
3.8.5
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#10411