SecuritySpace - CVE-2015-5315

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2015-5315

Description: The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP- pwd message.

Test IDs: 1.3.6.1.4.1.25623.1.0.703397

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2015-5315
Debian Security Information: DSA-3397 (Google Search)
https://www.debian.org/security/2015/dsa-3397
http://www.openwall.com/lists/oss-security/2015/11/10/10
http://www.ubuntu.com/usn/USN-2808-1

CVE ID:	CVE-2015-5315
Description:	The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP- pwd message.
Test IDs:	1.3.6.1.4.1.25623.1.0.703397
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5315 Debian Security Information: DSA-3397 (Google Search) https://www.debian.org/security/2015/dsa-3397 http://www.openwall.com/lists/oss-security/2015/11/10/10 http://www.ubuntu.com/usn/USN-2808-1