Severity
NVD: 8.8 HIGH
CNA: 7.9
EPSS
2.3% (top 15.32%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 3
Latest update: May 24

Description

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

GHSA
GHSA-vjw8-c937-7hwp: The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow (2022-05-24)
OSV
CVE-2019-9501: In driver/firmware of broadcom wifi chipset, there is a possible out of bounds write due to a missing bounds check (2020-07-01)
CVEList
Broadcom wl driver is vulnerable to heap buffer overflow (2020-02-03)

📋 Vendor Advisories (2)

Android
CVE-2019-9501: Broadcom Firmware (2020-07-01)
Red Hat
linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation (2020-02-05)

💬 Community (1)

Bugzilla
CVE-2019-15126 linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation (2020-02-27)
CVE-2019-9501 — Heap-based Buffer Overflow | cvebase