Madwifi Security Vulnerabilities and Issues — Madwifi CVE List

Lucene search

MadwifiMadwifi

10 matches found

CVE•added 2007/10/14 6:17 p.m.•52 views

CVE-2007-5448

Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c.

4.3CVSS6.2AI score0.02181EPSS

CVE•added 2007/03/30 1:0 a.m.•50 views

CVE-2005-4835

The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race c...

7.1CVSS6.6AI score0.01318EPSS

CVE•added 2006/12/10 11:28 a.m.•50 views

CVE-2006-6332

Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.

7.5CVSS7.9AI score0.60314EPSS

CVE•added 2007/03/30 1:19 a.m.•44 views

CVE-2006-7177

MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."

7.8CVSS6.2AI score0.0338EPSS

CVE•added 2007/05/24 2:30 a.m.•44 views

CVE-2007-2831

Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary ...

10CVSS6.8AI score0.02089EPSS

CVE•added 2007/05/24 2:30 a.m.•42 views

CVE-2007-2829

The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.

5CVSS6.1AI score0.03862EPSS

CVE•added 2007/03/30 1:19 a.m.•41 views

CVE-2006-7178

MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.

7.8CVSS6.2AI score0.0649EPSS

CVE•added 2007/03/30 1:19 a.m.•41 views

CVE-2006-7180

ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.

6.8CVSS6.5AI score0.03327EPSS

CVE•added 2007/03/30 1:19 a.m.•40 views

CVE-2006-7179

ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.

7.8CVSS6.2AI score0.0649EPSS

CVE•added 2007/05/24 2:30 a.m.•37 views

CVE-2007-2830

The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.

5CVSS6.2AI score0.03862EPSS