CVE-2017-11670

Name of the Vulnerable Software and Affected Versions eapmd5pass version 1.4

Description A length validation flaw was found in the way eapmd5pass handled network traffic in the extract eapusername function, potentially leading to out-of-bounds read and write. This could allow a remote attacker to crash the eapmd5pass process by generating specially crafted network traffic.

Recommendations For eapmd5pass version 1.4, consider restricting access to the extract eapusername function until a patch is available. As a temporary workaround, network traffic should be carefully validated to prevent specially crafted packets from reaching the eapmd5pass process.