This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
98b71436-656d-11e9-8e67-206a8a720317 | FreeBSD -- SAE confirm missing state validationProblem Description:When hostapd is used to operate an access point with SAE (Simultaneous Authentication of Equals; also known as WPA3-Personal), an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm message. This was caused by missing state validation steps when processing the SAE confirm message in hostapd/AP mode. See https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt for a detailed description of the bug. Impact:All hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration). Discovery 2019-04-10 Entry 2019-04-23 FreeBSD ge 12.0 lt 12.0_3 ge 11.2 lt 11.2_9 wpa_supplicant < 2.8 hostapd < 2.8 CVE-2019-9496 |