Description
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
Third Party Advisory x_refsource_misc
https://www.fragattacks.com
Third Party Advisory x_refsource_misc
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/11/12
Third Party Advisory x_refsource_misc
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
Scores
CVSS v3
5.3
EPSS
0.0153
EPSS Percentile
81.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-74
Status
published
Products (1)
openbsd/openbsd
6.6
Published
May 11, 2021
Tracked Since
Feb 18, 2026