The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpasupplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eapserver/eapserverpwd.c and eappeer/eappwd.c.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "hostapd-dbgsym": "1:2.4-0ubuntu6.5", "wpasupplicant-udeb": "2.4-0ubuntu6.5", "wpagui-dbgsym": "2.4-0ubuntu6.5", "hostapd": "1:2.4-0ubuntu6.5", "wpagui": "2.4-0ubuntu6.5", "wpasupplicant": "2.4-0ubuntu6.5", "wpasupplicant-udeb-dbgsym": "2.4-0ubuntu6.5", "wpasupplicant-dbgsym": "2.4-0ubuntu6.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "hostapd-dbgsym": "2:2.6-15ubuntu2.3", "wpasupplicant-udeb": "2:2.6-15ubuntu2.3", "wpagui-dbgsym": "2:2.6-15ubuntu2.3", "hostapd": "2:2.6-15ubuntu2.3", "wpagui": "2:2.6-15ubuntu2.3", "wpasupplicant": "2:2.6-15ubuntu2.3", "wpasupplicant-dbgsym": "2:2.6-15ubuntu2.3" } ] }