CVE-2012-4445

hostapd 0.6-1.0 - Heap-Based Buffer Overflow via EAP-TLS Message Length

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.

References (12)

Core 12
Core References
Various Sources x_refsource_misc
http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/10/08/3
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50805
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2557
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027808
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/86051
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55826
Vendor Advisory vendor-advisory x_refsource_freebsd
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79104
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50888

Scores

EPSS 0.0422
EPSS Percentile 89.8%

Details

CWE
CWE-119
Status published
Products (13)
w1.fi/hostapd 0.6.0
w1.fi/hostapd 0.6.1
w1.fi/hostapd 0.6.2
w1.fi/hostapd 0.6.3
w1.fi/hostapd 0.6.4
w1.fi/hostapd 0.6.5
w1.fi/hostapd 0.6.6
w1.fi/hostapd 0.6.7
w1.fi/hostapd 0.7.0
w1.fi/hostapd 0.7.1
... and 3 more
Published Oct 10, 2012
Tracked Since Feb 18, 2026