FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment

2019-04-18T00:00:00
ID A207BBD8-6572-11E9-8E67-206A8A720317
Type freebsd
Reporter FreeBSD
Modified 2019-04-18T00:00:00

Description

Problem Description: EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not to validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to NULL pointer dereference. See https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt for a detailed description of the bug. Impact: All wpa_supplicant and hostapd versions with EAP-pwd support could suffer a denial of service attack through process termination.