CVE-2017-11669 - Vulnerability Details - OpenCVE

ReportizFlow

An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eapmd5pass Project	Eapmd5pass

Configuration 1 [-]

cpe:2.3:a:eapmd5pass_project:eapmd5pass:1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2017/07/31/3

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-31T17:00:00

Updated: 2024-08-05T18:12:40.946Z

Reserved: 2017-07-26T00:00:00

Link: CVE-2017-11669

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-31T17:29:00.210

Modified: 2024-11-21T03:08:16.093

Link: CVE-2017-11669

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-31T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-11669", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://openwall.com/lists/oss-security/2017/07/31/3", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:40.946Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11669", "datePublished": "2017-07-31T17:00:00", "dateReserved": "2017-07-26T00:00:00", "dateUpdated": "2024-08-05T18:12:40.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eapmd5pass_project:eapmd5pass:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "622671BD-2F33-4F6A-B47C-6A09FE428C09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic."}, {"lang": "es", "value": "Un fallo de lectura fuera de l\u00edmites relacionado con la funci\u00f3n assess_packet en el archivo eapmd5pass.c:211 se encontr\u00f3 en la manera en que el eapmd5pass versi\u00f3n 1.4 manej\u00f3 el procesamiento de los paquetes de red. Un atacante remoto podr\u00eda usar potencialmente este fallo para bloquear el proceso de eapmd5pass bajo ciertas circunstancias mediante la generaci\u00f3n de un tr\u00e1fico de red especialmente creado."}], "id": "CVE-2017-11669", "lastModified": "2024-11-21T03:08:16.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-07-31T17:29:00.210", "references": [{"source": "[email protected]", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Primary"}]}