Description
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Lukas Lueg · pythondosmultiple
https://www.exploit-db.com/exploits/12217
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
Vendor Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201310-06.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39150
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55053
Various Sources x_refsource_confirm
http://svn.aircrack-ng.org/trunk/ChangeLog
Scores
EPSS
0.2640
EPSS Percentile
96.3%
Details
CWE
CWE-119
Status
published
Products (22)
aircrack-ng/aircrack-ng
0.1
aircrack-ng/aircrack-ng
0.2
aircrack-ng/aircrack-ng
0.2.1
aircrack-ng/aircrack-ng
0.3
aircrack-ng/aircrack-ng
0.4
aircrack-ng/aircrack-ng
0.4.1
aircrack-ng/aircrack-ng
0.4.2
aircrack-ng/aircrack-ng
0.4.3
aircrack-ng/aircrack-ng
0.4.4
aircrack-ng/aircrack-ng
0.5
... and 12 more
Published
Oct 28, 2013
Tracked Since
Feb 18, 2026