FKIE_CVE-2012-4445

Vulnerability from fkie_nvd - Published: 2012-10-10 18:55 - Updated: 2026-06-16 23:45
Severity
Summary
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
References
secalert@redhat.comhttp://osvdb.org/86051
secalert@redhat.comhttp://secunia.com/advisories/50805Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/50888Vendor Advisory
secalert@redhat.comhttp://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2557
secalert@redhat.comhttp://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:168
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/10/08/3
secalert@redhat.comhttp://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
secalert@redhat.comhttp://www.securityfocus.com/bid/55826
secalert@redhat.comhttp://www.securitytracker.com/id?1027808
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79104
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/86051
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50805Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50888Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2557
af854a3a-2127-422b-91ae-364da2661108http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/10/08/3
af854a3a-2127-422b-91ae-364da2661108http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/55826
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027808
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79104
Impacted products
Vendor Product Version
w1.fi hostapd 0.6.0
w1.fi hostapd 0.6.1
w1.fi hostapd 0.6.2
w1.fi hostapd 0.6.3
w1.fi hostapd 0.6.4
w1.fi hostapd 0.6.5
w1.fi hostapd 0.6.6
w1.fi hostapd 0.6.7
w1.fi hostapd 0.7.0
w1.fi hostapd 0.7.1
w1.fi hostapd 0.7.2
w1.fi hostapd 0.7.3
w1.fi hostapd 1.0

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "secalert@redhat.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "816B50F2-87B8-4A74-80CA-6DE23A61AA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4EC748-0E3D-4A70-9B30-0B0048637222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA68E996-A9DA-4D58-AA05-B4F9CFD8FF78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "625BF95C-F216-4853-B62F-4A220427E1B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE7C5C4-AF37-4DE1-B240-5B35BB547505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C75878-75FC-4792-BF93-6E6758BCFC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1BC3E9-5AA2-466E-AAE0-4FB5EDF85860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6475E94F-F457-4053-8B1B-F44D42742271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01092A1-8D52-4474-BC85-663BCA683208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79614B8-BEEC-4772-944B-F631D85A278D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5CBC86-4F65-4A1E-8423-D599B8F89EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06119A43-B1CA-4021-87D2-C67BE6125423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "768D16AF-3A8B-47DD-A499-948A73062AE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small \"TLS Message Length\" value in an EAP-TLS message with the \"More Fragments\" flag set."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n eap_server_tls_process_fragment de eap_server_tls_common.c en el servidor de autenticaci\u00f3n EAP en hostapd v0.6 hasta v1.0 permite a atacantes remotos provocar un denegaci\u00f3n de servicio (ca\u00edda o cancelaci\u00f3n) mediante un valor \"TLS Message Length\" peque\u00f1o, en un mensaje EAP-TLS con el valor \"More Fragments\" activo."
    }
  ],
  "id": "CVE-2012-4445",
  "lastModified": "2026-06-16T23:45:06.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-10T18:55:04.377",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/86051"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50805"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50888"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2557"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/08/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/55826"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1027808"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/86051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79104"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…