FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
98b71436-656d-11e9-8e67-206a8a720317FreeBSD -- SAE confirm missing state validation

Problem Description:

When hostapd is used to operate an access point with SAE (Simultaneous Authentication of Equals; also known as WPA3-Personal), an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm message. This was caused by missing state validation steps when processing the SAE confirm message in hostapd/AP mode.

See https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt for a detailed description of the bug.

Impact:

All hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9496