3 matches found
Null pointer dereference
The eappwdperformconfirmexchange function in eappeer/eappwd.c in wpasupplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an EAP-pwd Confirm message followed by the...
CVE-2015-5316
The CVE-2015-5316 issue affects wpa_supplicant (2.x) prior to 2.6, in the eap_pwd_perform_confirm_exchange function inside eap_pwd.c. When EAP-pwd is enabled in a network profile, processing an EAP-pwd Confirm message followed by the Identity exchange can trigger a NULL pointer dereference, leadi...
CVE-2015-5315
The eappwdprocess function in eappeer/eappwd.c in wpasupplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service process...