DSA-2557-1 hostapd -- buffer overflow
ID: oval:org.secpod.oval:def:600897 | Date: (C)2012-10-17 (M)2023-02-20 | Class: PATCH | Family: unix
Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages prior to any authentication.