CVE-2017-11670 - Vulnerability Details - OpenCVE

ReportizFlow

A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eapmd5pass Project	Eapmd5pass

Configuration 1 [-]

cpe:2.3:a:eapmd5pass_project:eapmd5pass:1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2017/07/31/3

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-31T17:00:00

Updated: 2024-08-05T18:12:40.763Z

Reserved: 2017-07-26T00:00:00

Link: CVE-2017-11670

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-31T17:29:00.240

Modified: 2024-11-21T03:08:16.237

Link: CVE-2017-11670

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-31T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-11670", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://openwall.com/lists/oss-security/2017/07/31/3", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:40.763Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11670", "datePublished": "2017-07-31T17:00:00", "dateReserved": "2017-07-26T00:00:00", "dateUpdated": "2024-08-05T18:12:40.763Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eapmd5pass_project:eapmd5pass:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "622671BD-2F33-4F6A-B47C-6A09FE428C09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de comprobaci\u00f3n de longitud (que conlleva a una lectura y escritura fuera de l\u00edmites) en la manera en que eapmd5pass versi\u00f3n 1.4 manej\u00f3 el tr\u00e1fico de red en la funci\u00f3n extract_eapusername. Un atacante remoto podr\u00eda usar potencialmente este fallo para bloquear el proceso eapmd5pass mediante la generaci\u00f3n de un tr\u00e1fico de red especialmente creado."}], "id": "CVE-2017-11670", "lastModified": "2024-11-21T03:08:16.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-07-31T17:29:00.240", "references": [{"source": "[email protected]", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/31/3"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}