Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 671
    • Issues 671
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 168
    • Merge Requests 168
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpine
  • aportsaports
  • Issues
  • #10412

Closed
Open
Opened May 07, 2019 by Alicha CH@alichaReporter

[3.7] hostapd: EAP-pwd message reassembly issue with unexpected fragment (CVE-2019-11555)

The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate
fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in
process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.

References:

https://www.openwall.com/lists/oss-security/2019/04/26/1
https://w1.fi/security/2019-5/
https://nvd.nist.gov/vuln/detail/CVE-2019-11555

(from redmine: issue id 10412, created on 2019-05-07, closed on 2019-06-20)

  • Relations:
    • parent #10408 (closed)
  • Changesets:
    • Revision 71e80d98 on 2019-06-05T08:26:11Z:
main/hostapd: security fix (CVE-2019-11555)

Fixes #10412
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
3.7.4
Milestone
3.7.4
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#10412