| Revision Date: | 2022-06-30 | Version: | 1 |
| Title: | CVE-2015-5314 |
| Description: |
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | CVE-2015-5314
Mitre CVE-2015-5314
SUSE CVE-2015-5314
openSUSE-SU-2017:2896-1
|
| Platform(s): | openSUSE Leap 42.2
openSUSE Leap 42.3
openSUSE Tumbleweed
| Product(s): | |
| Definition Synopsis |
| openSUSE Leap 42.2 is installed AND Package Information
hostapd-2.6-5.3.1 is installed
AND hostapd is signed with openSUSE key
|
| Definition Synopsis |
| openSUSE Leap 42.3 is installed
AND Package Information
hostapd-2.6-8 is installed
AND hostapd is signed with openSUSE key
|
| Definition Synopsis |
| openSUSE Tumbleweed is installed
AND hostapd-2.6-1.1 is installed
|