CVE-2017-11668 - Vulnerability Details - OpenCVE

ReportizFlow

An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eapmd5pass Project	Eapmd5pass

Configuration 1 [-]

cpe:2.3:a:eapmd5pass_project:eapmd5pass:1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2017/07/31/3

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-31T17:00:00

Updated: 2024-08-05T18:12:40.689Z

Reserved: 2017-07-26T00:00:00

Link: CVE-2017-11668

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-31T17:29:00.177

Modified: 2024-11-21T03:08:15.953

Link: CVE-2017-11668

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-31T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-11668", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://openwall.com/lists/oss-security/2017/07/31/3", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:40.689Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11668", "datePublished": "2017-07-31T17:00:00", "dateReserved": "2017-07-26T00:00:00", "dateUpdated": "2024-08-05T18:12:40.689Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eapmd5pass_project:eapmd5pass:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "622671BD-2F33-4F6A-B47C-6A09FE428C09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic."}, {"lang": "es", "value": "Un fallo de lectura fuera de l\u00edmites relacionado con la funci\u00f3n assess_packet en el archivo eapmd5pass.c:134, se encontr\u00f3 en la manera en que el eapmd5pass versi\u00f3n 1.4 manej\u00f3 el procesamiento de los paquetes de red. Un atacante remoto podr\u00eda usar potencialmente este fallo para bloquear el proceso de eapmd5pass bajo ciertas circunstancias mediante la generaci\u00f3n de un tr\u00e1fico de red especialmente creado."}], "id": "CVE-2017-11668", "lastModified": "2024-11-21T03:08:15.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-07-31T17:29:00.177", "references": [{"source": "[email protected]", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Primary"}]}