Fluid Attacks Database

Description

The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.11	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r15 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| =2.7-r0 \|\| =2.7-r1 \|\| =2.7-r2 \|\| >=0 <2.7-r3	2.7-r3
alpine v3.8	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| >=0 <2.6-r15	2.6-r15
alpine v3.9	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r15 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| =2.7-r0 \|\| =2.7-r1 \|\| =2.7-r2 \|\| >=0 <2.7-r3	2.7-r3
alpine v3.9	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| >=0 <2.7-r1	2.7-r1
alpine v3.16	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r15 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| =2.7-r0 \|\| =2.7-r1 \|\| =2.7-r2 \|\| >=0 <2.7-r3	2.7-r3
alpine v3.14	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r15 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| =2.7-r0 \|\| =2.7-r1 \|\| =2.7-r2 \|\| >=0 <2.7-r3	2.7-r3
alpine v3.17	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| >=0 <2.8-r0	2.8-r0
alpine v3.13	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r15 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| =2.7-r0 \|\| =2.7-r1 \|\| =2.7-r2 \|\| >=0 <2.7-r3	2.7-r3
alpine v3.18	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r15 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| =2.7-r0 \|\| =2.7-r1 \|\| =2.7-r2 \|\| >=0 <2.7-r3	2.7-r3
alpine v3.19	wpa_supplicant	=0.5.11-r0 \|\| =0.6.10-r0 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.1-r0 \|\| =0.7.1-r1 \|\| =0.7.1-r2 \|\| =0.7.2-r0 \|\| =0.7.2-r1 \|\| =0.7.2-r2 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.0-r2 \|\| =2.0-r3 \|\| =2.1-r0 \|\| =2.1-r1 \|\| =2.1-r2 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.3-r1 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.4-r2 \|\| =2.4-r3 \|\| =2.4-r4 \|\| =2.4-r5 \|\| =2.4-r6 \|\| =2.4-r7 \|\| =2.4-r8 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r10 \|\| =2.6-r11 \|\| =2.6-r12 \|\| =2.6-r13 \|\| =2.6-r14 \|\| =2.6-r15 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.6-r6 \|\| =2.6-r7 \|\| =2.6-r8 \|\| =2.6-r9 \|\| =2.7-r0 \|\| =2.7-r1 \|\| =2.7-r2 \|\| >=0 <2.7-r3	2.7-r3

1-10 of 38

Aliases

1. CVE-2019-115552. NVD-2019-115553. OSV-ALPINE-2019-115554. OSV-2019-115555. OSV-DEBIAN-2019-115556. SECURITY-CVE-2019-115557. SECURITY-TRACKER-CVE-2019-11555

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.