CVE-2019-17133Classic Buffer Overflow in Kernel

CWE-120Classic Buffer Overflow17 documents7 sources
Severity
9.8CRITICALNVD
OSV8.8OSV6.7
EPSS
1.6%
top 18.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxCanonical Ubuntu Linux+2 more
Timeline
PublishedOct 4
Latest updateMay 24

Description

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel2.6.323.16.77+5
Debianlinux/linux_kernel< 5.3.9-1+3
Ubuntulinux/linux_kernel< 4.4.0-170.199+1
debiandebian/linux< linux 5.3.9-1 (bookworm)
NVDopensuse/leap15.1

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04

Patches

Patch: marc.infoPatch: marc.info

🔴Vulnerability Details

7
GHSA
GHSA-4v38-w5qx-qhmh: In the Linux kernel through 52022-05-24
OSV
linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities2020-01-07
OSV
linux-lts-xenial, linux-aws vulnerabilities2019-12-03
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2019-12-03
OSV
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2019-12-03

📋Vendor Advisories

7
Ubuntu
Linux kernel vulnerabilities2020-01-07
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2019-12-03
Ubuntu
Linux kernel vulnerabilities2019-12-03
Ubuntu
Linux kernel vulnerabilities2019-12-03
Ubuntu
Linux kernel vulnerabilities2019-12-02

💬Community

2
Bugzilla
CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c [fedora-all]2019-11-13
Bugzilla
CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c2019-11-13