{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-10-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small \"TLS Message Length\" value in an EAP-TLS message with the \"More Fragments\" flag set."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de"},{"tags":["x_refsource_MISC"],"url":"http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt"},{"name":"[oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length \nvalidation","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2012/10/08/3"},{"name":"50805","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/50805"},{"name":"DSA-2557","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2012/dsa-2557"},{"name":"1027808","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1027808"},{"name":"MDVSA-2012:168","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:168"},{"name":"86051","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/86051"},{"name":"55826","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/55826"},{"name":"FreeBSD-SA-12:07","tags":["vendor-advisory","x_refsource_FREEBSD"],"url":"http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc"},{"name":"hostapd-eaptls-dos(79104)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79104"},{"name":"50888","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/50888"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T20:35:09.940Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt"},{"name":"[oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length \nvalidation","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2012/10/08/3"},{"name":"50805","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/50805"},{"name":"DSA-2557","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2012/dsa-2557"},{"name":"1027808","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1027808"},{"name":"MDVSA-2012:168","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:168"},{"name":"86051","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/86051"},{"name":"55826","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/55826"},{"name":"FreeBSD-SA-12:07","tags":["vendor-advisory","x_refsource_FREEBSD","x_transferred"],"url":"http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc"},{"name":"hostapd-eaptls-dos(79104)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79104"},{"name":"50888","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/50888"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2012-4445","datePublished":"2012-10-10T18:00:00.000Z","dateReserved":"2012-08-21T00:00:00.000Z","dateUpdated":"2024-08-06T20:35:09.940Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}