CVE-2012-4445
Published 2012-10-10
CVE-2012-4445: Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through…
Priority: P427, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 4.22% (89.7th percentile)
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | < wpa 1.0-3 (bookworm) | wpa 1.0-3 (bookworm) |
| w1.fi | hostapd | — | — |
CVSS provenance
nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:N/A:P
osv: 4.3 MEDIUM
vendor_debian: 4.3 MEDIUM
vendor_redhat: 4.3 MEDIUM
GHSA
GHSA-2hh4-7m9c-h6f2: Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common
ghsa_unreviewed·2022-05-17
CVE-2012-4445 [MEDIUM] CWE-119
OSV
CVE-2012-4445: Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common
osv·2012-10-10·CVSS 4.3
BSD
FreeBSD-SA-12:07.hostapd: Insufficient message length validation for EAP-TLS messages
bsd_advisories·2012-11-22·CVSS 4.3
FreeBSD-SA-12:07.hostapd Security Advisory
The FreeBSD Project
Topic: Insufficient message length validation for EAP-TLS messages
Category: contrib
Module: wpa
Announced: 2012-11-22
Credits: Timo Warns, Jouni Malinen
Affects: FreeBSD 8.0 and later.
Corrected: 2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE)
           2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5)
           2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE)
           2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5)
           2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1)
           2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1)
           2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1)
CVE Name: CVE-2012-4445
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please v
Red Hat
wpa_supplicant: DoS (abort) by processing certain fragmented EAP-TLS messages
vendor_redhat·2012-10-08·CVSS 4.3
Statement: Not Vulnerable. This issue does not affect the version of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.
Package: wpa_supplicant (Red Hat Enterprise Linux 5) - Not affected
Package: wpa_supplicant (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2012-4445: wpa - Heap-based buffer overflow in the eap_server_tls_process_fragment function in ea...
vendor_debian·2012·CVSS 4.3
Scope: local
bookworm: resolved (fixed in 1.0-3)
bullseye: resolved (fixed in 1.0-3)
forky: resolved (fixed in 1.0-3)
sid: resolved (fixed in 1.0-3)
trixie: resolved (fixed in 1.0-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4445 hostapd, wpa_supplicant: DoS (abort) by processing certain fragmented EAP-TLS messages [fedora-all]
bugzilla·2012-10-09·CVSS 4.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedorap
Bugzilla
CVE-2012-4445 hostapd: DoS (abort) by processing certain fragmented EAP-TLS messages [fedora-all]
bugzilla·2012-10-08·CVSS 4.3
Bugzilla
CVE-2012-4445 hostapd, wpa_supplicant: DoS (abort) by processing certain fragmented EAP-TLS messages
bugzilla·2012-09-24·CVSS 4.3
A denial of service flaw was found in the way hostapd, a user space daemon for access point and authentication servers, processed certain fragmented EAP-TLS messages. A remote attacker could send a specially-crafted EAP-TLS message to hostapd that, when processed, would lead to a hostapd daemon abort.
Acknowledgements:
Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue.
Discussion:
This issue affects the versions of the hostapd package, as shipped with Fedora release of 16 and 17.
---
Preliminary embargo date for this issue has been set up to Monday, 8-th October 2012.
---
Created attachment 616508
Proposed eap_server_tls_process_fragment() p
References
http://osvdb.org/86051
http://secunia.com/advisories/50805
http://secunia.com/advisories/50888
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de
http://www.debian.org/security/2012/dsa-2557
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
http://www.openwall.com/lists/oss-security/2012/10/08/3
http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
http://www.securityfocus.com/bid/55826
http://www.securitytracker.com/id?1027808
https://exchange.xforce.ibmcloud.com/vulnerabilities/79104