PT-2020-7747 · Unknown+1 · Aircrack-Ng+1
Mister-X
·
Published
2015-01-24
·
Updated
2020-02-05
·
CVE-2014-8322
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Aircrack-ng versions prior to 1.2 RC 1
Description
The issue is a stack-based buffer overflow in the
tcp test function, allowing remote attackers to execute arbitrary code via a crafted length parameter value.Recommendations
For versions prior to 1.2 RC 1, update to version 1.2 RC 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the
tcp test function in aireplay-ng.c until a patch is available.Exploit
Fix
RCE
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Aircrack-Ng