{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-18T04:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2019/04/18/6"}, {"tags": ["x_refsource_MISC"], "url": "https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://w1.fi/security/2019-5/"}, {"name": "[oss-security] 20190426 Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/04/26/1"}, {"name": "USN-3969-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3969-1/"}, {"name": "USN-3969-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3969-2/"}, {"name": "FEDORA-2019-ff1b728d09", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T7G763UECWR7FQXOJVL67PW7C5A3SA4/"}, {"name": "FreeBSD-SA-19:03", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/40"}, {"name": "DSA-4450", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4450"}, {"name": "20190527 [SECURITY] [DSA 4450-1] wpa security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/64"}, {"name": "FEDORA-2019-28d3ca93d2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQ6P2GI5GSXRNLNIUNPARFZQVDEIGVZD/"}, {"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"name": "FEDORA-2019-d6bc3771a4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJKZHAT5KPUN26JL77EUH563GAH5XZ5C/"}, {"name": "GLSA-201908-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-25"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11555", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2019/04/18/6", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/04/18/6"}, {"name": "https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt", "refsource": "MISC", "url": "https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt"}, {"name": "https://w1.fi/security/2019-5/", "refsource": "MISC", "url": "https://w1.fi/security/2019-5/"}, {"name": "[oss-security] 20190426 Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/26/1"}, {"name": "USN-3969-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3969-1/"}, {"name": "USN-3969-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3969-2/"}, {"name": "FEDORA-2019-ff1b728d09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5T7G763UECWR7FQXOJVL67PW7C5A3SA4/"}, {"name": "FreeBSD-SA-19:03", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/40"}, {"name": "DSA-4450", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4450"}, {"name": "20190527 [SECURITY] [DSA 4450-1] wpa security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/64"}, {"name": "FEDORA-2019-28d3ca93d2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQ6P2GI5GSXRNLNIUNPARFZQVDEIGVZD/"}, {"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"name": "FEDORA-2019-d6bc3771a4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJKZHAT5KPUN26JL77EUH563GAH5XZ5C/"}, {"name": "GLSA-201908-25", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-25"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:41.021Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2019/04/18/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://w1.fi/security/2019-5/"}, {"name": "[oss-security] 20190426 Re: wpa_supplicant/hostapd: EAP-pwd message reassembly issue with unexpected fragment", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/04/26/1"}, {"name": "USN-3969-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3969-1/"}, {"name": "USN-3969-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3969-2/"}, {"name": "FEDORA-2019-ff1b728d09", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T7G763UECWR7FQXOJVL67PW7C5A3SA4/"}, {"name": "FreeBSD-SA-19:03", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/40"}, {"name": "DSA-4450", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4450"}, {"name": "20190527 [SECURITY] [DSA 4450-1] wpa security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/64"}, {"name": "FEDORA-2019-28d3ca93d2", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQ6P2GI5GSXRNLNIUNPARFZQVDEIGVZD/"}, {"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"name": "FEDORA-2019-d6bc3771a4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJKZHAT5KPUN26JL77EUH563GAH5XZ5C/"}, {"name": "GLSA-201908-25", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-25"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11555", "datePublished": "2019-04-26T21:16:24", "dateReserved": "2019-04-26T00:00:00", "dateUpdated": "2024-08-04T22:55:41.021Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8A8224-43A2-4695-9FFE-DD2FB409C89F", "versionEndExcluding": "2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "matchCriteriaId": "771CFB6E-2EC2-4453-98EC-42BFC280F745", "versionEndExcluding": "2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c."}, {"lang": "es", "value": "La implementaci\u00f3n de EAP-pwd en hostapd (servidor EAP),versiones anteriores a 2.8, y wpa_supplicant (peer EAP), versiones anteriores a 2.8, no valida correctamente el estado de reensamblado de la fragmentaci\u00f3n para un caso en el que se pudiera recibir un fragmento no esperado. Esto podr\u00eda derivar en la terminaci\u00f3n del proceso debido a una derivaci\u00f3n de un puntero NULL (denegaci\u00f3n de servicio). Esto afecta a eap_server/eap_server_pwd.c y eap_peer/eap_pwd.c."}], "id": "CVE-2019-11555", "lastModified": "2023-11-07T03:03:03.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-26T22:29:00.357", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/26/1"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T7G763UECWR7FQXOJVL67PW7C5A3SA4/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJKZHAT5KPUN26JL77EUH563GAH5XZ5C/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQ6P2GI5GSXRNLNIUNPARFZQVDEIGVZD/"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/May/40"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/May/64"}, {"source": "cve@mitre.org", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201908-25"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3969-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3969-2/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://w1.fi/security/2019-5/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2019/dsa-4450"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2019/04/18/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wpa_supplicant: NULL pointer dereference due to improper fragmentation reassembly state validation in EAP-pwd implementation", "id": "1703417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703417"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c."], "name": "CVE-2019-11555", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-04-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11555\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11555\nhttps://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt"], "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, and 6 as they did not include support for EAP-pwd.\nThis issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7, and 8 as they are not compiled with EAP-pwd enabled. In particular, the CONFIG_EAP_PWD=y option is not set at compile time.", "threat_severity": "Moderate", "upstream_fix": "wpa_supplicant 2.8"}