Date: Thu, 7 May 2015 15:15:07 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Jouni Malinen <j@...fi>
Subject: Re: CVE request: vulnerability in wpa_supplicant and hostapd

On Thu, May 07, 2015 at 01:58:27PM +0200, Martin Prpic wrote:
> Hi, I don't see a CVE assigned for this anywhere:
>
> http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
>
> "EAP-pwd missing payload length validation
>
> A vulnerability was found in EAP-pwd server and peer implementation used
> in hostapd and wpa_supplicant, respectively. The EAP-pwd/Commit and
> EAP-pwd/Confirm message payload is processed without verifying that the
> received frame is long enough to include all the fields. This results in
> buffer read overflow of up to couple of hundred bytes."
>
> Patches are included in: http://w1.fi/security/2015-4/

There are currently 5 sets of advisories+patches at:

http://w1.fi/security/

These are numbered 2014-1, 2015-. Out of them, it appears that only
2014-1 (CVE-2014-3686) and 2015-1 (CVE-2015-1863) have been on
oss-security so far:

http://www.openwall.com/lists/oss-security/2014/10/09/28
http://www.openwall.com/lists/oss-security/2015/04/22/8

I haven't looked into this closely, but maybe Martin's request should be
for 2015- rather than only for 2015-4. And I'd like to see the full
advisories posted in here so that they are preserved in the list
archives, unless there's a reason not to. Jouni?

Alexander
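
The class of bug the quoted advisory describes, as an added C example that is not part of the original message and is not code from hostapd, wpa_supplicant or the w1.fi patches. It assumes a Commit payload made of an element followed by a scalar (as in RFC 5931) with 256-bit group sizes; the struct, function names and sizes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed sizes for a 256-bit ECC group (illustrative, not from the page). */
#define PRIME_LEN  32u                        /* bytes per coordinate */
#define ORDER_LEN  32u                        /* bytes in the scalar  */
#define COMMIT_LEN (2u * PRIME_LEN + ORDER_LEN)

struct commit_fields {                        /* hypothetical parsed result */
    uint8_t element[2 * PRIME_LEN];           /* x || y */
    uint8_t scalar[ORDER_LEN];
};

/* Flawed pattern: fields are copied out without checking that the received
 * frame holds them, so a short frame makes memcpy read past its end.
 * Shown for contrast only; it is never called here. */
void parse_commit_unchecked(const uint8_t *payload, size_t payload_len,
                            struct commit_fields *out)
{
    (void)payload_len;                        /* length ignored: this is the bug */
    memcpy(out->element, payload, sizeof(out->element));
    memcpy(out->scalar, payload + sizeof(out->element), sizeof(out->scalar));
}

/* Hardened form: returns 0 on success, -1 unless the length matches exactly. */
int parse_commit_checked(const uint8_t *payload, size_t payload_len,
                         struct commit_fields *out)
{
    if (payload == NULL || out == NULL || payload_len != COMMIT_LEN)
        return -1;                            /* reject before touching any field */
    memcpy(out->element, payload, sizeof(out->element));
    memcpy(out->scalar, payload + sizeof(out->element), sizeof(out->scalar));
    return 0;
}

/* Constructed sample input: a frame claiming `len` bytes, filled with 0xAB. */
int demo_parse(size_t len)
{
    uint8_t frame[COMMIT_LEN + 8];
    struct commit_fields f;
    if (len > sizeof(frame))
        return -1;
    memset(frame, 0xAB, sizeof(frame));
    return parse_commit_checked(frame, len, &f);
}

int main(void) { return (demo_parse(COMMIT_LEN) == 0 && demo_parse(10) == -1) ? 0 : 1; }
```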