CVE - CVE-2019-11555

CVE-ID
CVE-2019-11555	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa URL:https://seclists.org/bugtraq/2019/May/40 BUGTRAQ:20190527 [SECURITY] [DSA 4450-1] wpa security update URL:https://seclists.org/bugtraq/2019/May/64 DEBIAN:DSA-4450 URL:https://www.debian.org/security/2019/dsa-4450 FEDORA:FEDORA-2019-28d3ca93d2 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQ6P2GI5GSXRNLNIUNPARFZQVDEIGVZD/ FEDORA:FEDORA-2019-d6bc3771a4 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJKZHAT5KPUN26JL77EUH563GAH5XZ5C/ FEDORA:FEDORA-2019-ff1b728d09 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5T7G763UECWR7FQXOJVL67PW7C5A3SA4/ FREEBSD:FreeBSD-SA-19:03 URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc GENTOO:GLSA-201908-25 URL:https://security.gentoo.org/glsa/201908-25 MISC:https://w1.fi/security/2019-5/ MISC:https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt MISC:https://www.openwall.com/lists/oss-security/2019/04/18/6 MLIST:[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update URL:https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html MLIST:[oss-security] 20190426 Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment URL:http://www.openwall.com/lists/oss-security/2019/04/26/1 UBUNTU:USN-3969-1 URL:https://usn.ubuntu.com/3969-1/ UBUNTU:USN-3969-2 URL:https://usn.ubuntu.com/3969-2/
Assigning CNA
MITRE Corporation
Date Record Created
20190426	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190426)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)