Vulnerability Name: CVE-2015-5314 (CCN-139833)
Assigned: 2015-07-01
Published: 2015-07-01
Updated: 2018-03-21
Summary: The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
CVSS v3 Severity:
  5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
  5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
  4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:
  Source: MITRE Type: CNA CVE-2015-5314
  Source: CONFIRM Type: Mitigation, Vendor Advisory http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
  Source: CCN Type: oss-sec Mailing List, Tue, 10 Nov 2015 19:48:08 +0200 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation
  Source: MLIST Type: Mailing List, Mitigation, Patch, Third Party Advisory [oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation
  Source: UBUNTU Type: Broken Link USN-2808-1
  Source: XF Type: UNKNOWN hostapd-cve20155314-dos(139833)
  Source: CCN Type: hostapd Web site hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
  Source: DEBIAN Type: Third Party Advisory DSA-3397
  Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-5314
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable