The EAP-pwd server and peer implementation in hostapd and wpa_supplicant
1.0 through 2.4 does not validate that a message is long enough to contain
the Total-Length field, which allows remote attackers to cause a denial of
service (crash) via a crafted message.
w1.fi/security/2015-4/
w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
www.openwall.com/lists/oss-security/2015/05/07/5
launchpad.net/bugs/cve/CVE-2015-4144
nvd.nist.gov/vuln/detail/CVE-2015-4144
security-tracker.debian.org/tracker/CVE-2015-4144
ubuntu.com/security/notices/USN-2650-1
www.cve.org/CVERecord?id=CVE-2015-4144
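
The missing check described above, shown as an added example (not code from hostapd/wpa_supplicant or its patches): a bounds-checked parser for the EAP-pwd payload header. The struct and function names are hypothetical, the flag layout (L bit, M bit, 6-bit exchange, 2-octet Total-Length when L is set) is taken from RFC 5931, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First EAP-pwd payload octet, per RFC 5931 (names are this example's own). */
#define PWD_L_BIT     0x80 /* a 2-octet Total-Length field follows */
#define PWD_M_BIT     0x40 /* more fragments follow */
#define PWD_EXCH_MASK 0x3f /* PWD-Exch value */

struct pwd_hdr {
    uint8_t exch;
    int more, has_total;
    uint16_t total_len;
    const uint8_t *data; /* fragment data after the header */
    size_t data_len;
};

/* Returns 0 on success, -1 if the payload is shorter than its flags announce. */
int pwd_parse_hdr(const uint8_t *buf, size_t len, struct pwd_hdr *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;                     /* not even the flags octet */
    const uint8_t *pos = buf + 1;
    size_t left = len - 1;
    out->exch = buf[0] & PWD_EXCH_MASK;
    out->more = (buf[0] & PWD_M_BIT) != 0;
    out->has_total = (buf[0] & PWD_L_BIT) != 0;
    out->total_len = 0;
    if (out->has_total) {
        if (left < 2)
            return -1;                 /* the length validation this CVE is about */
        out->total_len = (uint16_t)((pos[0] << 8) | pos[1]);
        pos += 2;
        left -= 2;
        if (left > out->total_len)
            return -1;                 /* extra sanity check added by this example */
    }
    out->data = pos;
    out->data_len = left;
    return 0;
}

int main(void)
{
    const uint8_t truncated[] = { 0xc1 };                  /* L+M set, no length */
    const uint8_t valid[] = { 0xc1, 0x00, 0x05, 0xaa, 0xbb };
    struct pwd_hdr h;
    printf("truncated: %d\n", pwd_parse_hdr(truncated, sizeof truncated, &h));
    printf("valid:     %d\n", pwd_parse_hdr(valid, sizeof valid, &h));
    return 0;
}
```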