PT-2017-12163 · Unknown · Eapmd5Pass

Dhiru Kholia

Published

2017-07-31

Updated

2017-08-14

CVE-2017-11670

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions eapmd5pass version 1.4

Description A length validation flaw was found in the way eapmd5pass handled network traffic in the extract eapusername function, potentially leading to out-of-bounds read and write. This could allow a remote attacker to crash the eapmd5pass process by generating specially crafted network traffic.

Recommendations For eapmd5pass version 1.4, consider restricting access to the extract eapusername function until a patch is available. As a temporary workaround, network traffic should be carefully validated to prevent specially crafted packets from reaching the eapmd5pass process.

Exploit

Fix

Memory Corruption

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-125

Related Identifiers

CVE-2017-11670

Affected Products

Eapmd5Pass

PT-2017-12163 · Unknown · Eapmd5Pass

CVE-2017-11670

Weakness Enumeration

Related Identifiers

Affected Products

References · 3