FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment

ID A207BBD8-6572-11E9-8E67-206A8A720317
Type freebsd
Reporter FreeBSD
Modified 2019-04-18T00:00:00


Problem Description: The EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not properly validate fragmentation reassembly state in the case where an unexpected fragment is received. This could result in process termination due to a NULL pointer dereference. See for a detailed description of the bug.

Impact: All wpa_supplicant and hostapd versions with EAP-pwd support could suffer a denial of service attack through process termination.
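The reassembly state check that the problem description refers to, shown as an added example that is not code from hostapd, wpa_supplicant or this advisory: a simplified C reassembler that rejects a continuation fragment when no reassembly buffer has been allocated. The `reasm` structure, `reasm_feed()` and its `first`/`more` flag parameters are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly state, not the hostapd/wpa_supplicant structures. */
struct reasm {
    uint8_t *buf;   /* allocated only when a first fragment announces a length */
    size_t total;   /* announced total message length */
    size_t pos;     /* bytes collected so far */
};

enum { FRAG_REJECT = -1, FRAG_MORE = 0, FRAG_COMPLETE = 1 };

void reasm_reset(struct reasm *r)
{
    free(r->buf);
    memset(r, 0, sizeof(*r));
}

/* first: fragment starts a message and carries its total length.
 * more:  further fragments follow this one. */
int reasm_feed(struct reasm *r, int first, int more, size_t total,
               const uint8_t *data, size_t len)
{
    if (first) {
        reasm_reset(r);                 /* drop any stale partial message */
        if (total == 0 || (r->buf = malloc(total)) == NULL)
            return FRAG_REJECT;
        r->total = total;
    } else if (r->buf == NULL) {
        /* Unexpected fragment: a continuation with no reassembly in progress.
         * Without this check the memcpy() below writes through NULL. */
        return FRAG_REJECT;
    }
    if (len > r->total - r->pos || (!more && r->pos + len != r->total)) {
        reasm_reset(r);                 /* overflow or short final fragment */
        return FRAG_REJECT;
    }
    memcpy(r->buf + r->pos, data, len);
    r->pos += len;
    return more ? FRAG_MORE : FRAG_COMPLETE;
}

int main(void)
{
    struct reasm r = {0};
    const uint8_t stray[] = {0xAA, 0xBB};   /* constructed sample input */
    printf("stray continuation -> %d\n", reasm_feed(&r, 0, 1, 0, stray, 2));
    return 0;
}
```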