This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
2da3cb25-6571-11e9-8e67-206a8a720317 | FreeBSD -- EAP-pwd missing commit validationProblem Description:EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not to validate the received scalar and element values in EAP-pwd-Commit messages properly. This could result in attacks that would be able to complete EAP-pwd authentication exchange without the attacker having to know the used password. See https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt for a detailed description of the bug. Impact:All wpa_supplicant and hostapd versions with EAP-pwd support. Discovery 2019-04-10 Entry 2019-04-23 Modified 2019-07-30 FreeBSD ge 12.0 lt 12.0_3 ge 11.2 lt 11.2_9 wpa_supplicant < 2.8 hostapd < 2.8 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 SA-19:03.wpa |