Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
wpa_supplicant 缓冲区错误漏洞
Vulnerability Description
wpa_supplicant是软件开发者Jouni Malinen和其他贡献者共同开发的一套运行在后台的守护程序,它主要用来支持WEP、WPA/WPA2和WAPI无线协议和加密认证。 wpa_supplicant 2.6之前的2.x版本中的eap_peer/eap_pwd.c文件的‘eap_pwd_process’函数存在安全漏洞,该漏洞源于网络配置文件中的EAP-pwd被启用时,程序没有检测重组缓冲区是否可以容下最后的片段。远程攻击者可借助EAP-pwd消息中较大的末尾片段利用该漏洞造成拒绝服务(进程终
CVSS Information
N/A
Vulnerability Type
N/A