Vulnerabilities > Madwifi > Madwifi > 0.9.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-05-24 | CVE-2007-2831 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Madwifi Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. | 10.0 |
| 2007-05-24 | CVE-2007-2830 | Denial of Service vulnerability in MadWifi The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. | 5.0 |
| 2007-05-24 | CVE-2007-2829 | Denial of Service vulnerability in MadWifi The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | 5.0 |
| 2006-12-10 | CVE-2006-6332 | Remote Buffer Overflow vulnerability in Madwifi 0.9.2.1 Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions. | 7.5 |
| 2005-12-31 | CVE-2005-4835 | Denial-Of-Service vulnerability in MADWifi The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. network madwifi | 7.1 |