FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment

Affected packages
12.0 <= FreeBSD < 12.0_3
11.2 <= FreeBSD < 11.2_9
wpa_supplicant < 2.8
hostapd < 2.8

Details

VuXML ID a207bbd8-6572-11e9-8e67-206a8a720317
Discovery 2019-04-18
Entry 2019-04-23

Problem Description:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not to validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to NULL pointer dereference.

See https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support could suffer a denial of service attack through process termination.

References

URL https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt