CVE-2019-9501
published 2020-02-03CVE-2019-9501: The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap…
PriorityP351high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EPSS
2.93%
85.4th percentile
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ipados | < 13.2 | 13.2 |
| apple | iphone_os | < 13.2 | 13.2 |
| apple | mac_os_x | < 10.15.1 | 10.15.1 |
| broadcom | wifi_drivers | — | — |
| android | — | — | |
| synology | router_manager | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.08.3HIGHAV:A/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat3.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p2g8-8j8x-3728: An issue was discovered on Broadcom Wi-Fi client devices
ghsa_unreviewed·2022-05-24·CVSS 7.9
CVE-2019-15126 [HIGH] GHSA-p2g8-8j8x-3728: An issue was discovered on Broadcom Wi-Fi client devices
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
GHSA
GHSA-vjw8-c937-7hwp: The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow
ghsa_unreviewed·2022-05-24
CVE-2019-9501 [HIGH] GHSA-vjw8-c937-7hwp: The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
OSV
CVE-2019-9501: In driver/firmware of broadcom wifi chipset, there is a possible out of bounds write due to a missing bounds check
osv·2020-07-01
CVE-2019-9501 CVE-2019-9501: In driver/firmware of broadcom wifi chipset, there is a possible out of bounds write due to a missing bounds check
In driver/firmware of broadcom wifi chipset, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2019-9501: Broadcom Firmware
vendor_android·2020-07-01·CVSS 7.9
CVE-2019-9501 [HIGH] CVE-2019-9501: Broadcom Firmware
Android Security Bulletin 2020-07-01
CVE: CVE-2019-9501
Severity: CRITICAL
Type: RCE
Component: Broadcom Firmware
References: A-130373736
*
Red Hat
linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
vendor_redhat·2020-02-05·CVSS 3.1
CVE-2019-15126 [LOW] CWE-358 linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Statement: This issue is present in the Broadcom Wi-Fi client devices firmware and is not fixable in software. While Red Hat ships certain hardware firmware binary blobs via linux-firmware package we rely on the hardware vendors to populate (and document) these firmware binary blobs
No detection rules found.
No public exploits indexed.
2020-02-03
Published