FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- SAE confirm missing state validation

Affected packages
12.0 <= FreeBSD < 12.0_3
11.2 <= FreeBSD < 11.2_9
wpa_supplicant < 2.8
hostapd < 2.8

Details

VuXML ID 98b71436-656d-11e9-8e67-206a8a720317
Discovery 2019-04-10
Entry 2019-04-23

Problem Description:

When hostapd is used to operate an access point with SAE (Simultaneous Authentication of Equals; also known as WPA3-Personal), an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm message. This was caused by missing state validation steps when processing the SAE confirm message in hostapd/AP mode.

See https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt for a detailed description of the bug.

Impact:

All hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).

References

CVE Name CVE-2019-9496