The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2015-06-15 08:59
Updated : 2018-10-30 09:27
NVD link : CVE-2015-4146
Mitre link : CVE-2015-4146
JSON object : View
CWE
Products Affected
w1.fi
- wpa_supplicant
- hostapd
opensuse
- opensuse