43 matches found
Broadcom 802.11v WNM Sleep Mode Response Heap Overflow Vulnerability
Broadcom suffers from a heap overflow vulnerability when handling 802.11v WNM Sleep Mode Response. Broadcom: Heap overflow when handling 802.11v WNM Sleep Mode Response CVE-2017-7065 Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are...
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as...
wpa_supplicant/hostapd ap/wmm.c hostapd_wmm_action() WMM action frame handling integer overflow vulnerability
hostapd is a user-state daemon for APs and authentication servers. wpasupplicant is a WiFi-capable component for Android that supports authentication of wireless connections. The hostapd ap/wmm.c hostapdwmmaction function handles WMM action frames with an integer overflow vulnerability that allow...