Vulnerabilities > CVE-2017-11670 - Out-of-bounds Write vulnerability in Eapmd5Pass Project Eapmd5Pass 1.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

eapmd5pass-project

CWE-787

NVD

Published: 2017-07-31

Updated: 2024-11-21

Summary

A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic.

Vulnerable Configurations

Part	Description	Count
Application	Eapmd5Pass_Project Eapmd5Pass Project Eapmd5Pass 1.4	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://openwall.com/lists/oss-security/2017/07/31/3
http://openwall.com/lists/oss-security/2017/07/31/3