FreeBSD: VID-a207bbd8-6572-11e9-8e67-206a8a720317: FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Apr 23, 2019 | Apr 23, 2019 | Dec 10, 2025 |
Description
Problem Description: The EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not properly validate fragmentation reassembly state for the case where an unexpected fragment is received. This could result in process termination due to a NULL pointer dereference. See https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt for a detailed description of the bug.

Impact: All wpa_supplicant and hostapd versions with EAP-pwd support could suffer a denial-of-service attack through process termination.
Solutions
- freebsd-upgrade-base-12_0-release-p3
- freebsd-upgrade-base-11_2-release-p9
- freebsd-upgrade-package-wpa_supplicant
- freebsd-upgrade-package-hostapd