Input validation error in hostapd (Alpine package)



Published: 2019-09-17
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-16275
CWE-ID CWE-20
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
hostapd (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU21420

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16275

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected software allows an incorrect indication of disconnection in certain situations because source address validation is mishandled. A remote attacker in radio range of the access point can send a specially crafted 802.11 frame and cause a denial of service condition on target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

hostapd (Alpine package): 2.6-r5

External links

http://git.alpinelinux.org/aports/commit/?id=b3799e64fbe5cff874dcc1418960782489f9b6c2
http://git.alpinelinux.org/aports/commit/?id=16ccc2f3febe701ce5b1c5cfa83c822729480626
http://git.alpinelinux.org/aports/commit/?id=76596d9eb38d659caa8131cd6128b122b300df39
http://git.alpinelinux.org/aports/commit/?id=a6aa0ed429367e9125b72d7642fd2c2dc35d92dc
http://git.alpinelinux.org/aports/commit/?id=7d85eb1a12890ce66101c9292c1aa5a8d447c0b3
http://git.alpinelinux.org/aports/commit/?id=3a841060b765aff902e6eee671be7e9e7b134a6b
http://git.alpinelinux.org/aports/commit/?id=bd6d17a7934c019dabff6ce2c6b2d18c31e58fb0
http://git.alpinelinux.org/aports/commit/?id=6cecf3cc9dc4f98673a43d9f5880df0abd644993
http://git.alpinelinux.org/aports/commit/?id=cd144136ad59f95ca2d962cbf6014b0378af8fd9
http://git.alpinelinux.org/aports/commit/?id=de40d9a237281b0e3a2ec4a0e2b8d9a825732828
http://git.alpinelinux.org/aports/commit/?id=739c0b7c400092582bb275a05bcecb7fe68c341a
http://git.alpinelinux.org/aports/commit/?id=bb12cd81f8b5a701f7671fd0ec71290d032f3283
http://git.alpinelinux.org/aports/commit/?id=a631766c739d92b83c30732831268f2e5cf0e919
http://git.alpinelinux.org/aports/commit/?id=55443b474ec90b6d005d24bcaa7224721a8875a7
http://git.alpinelinux.org/aports/commit/?id=f1fd2a573425793de610a615092f210f1c50f0ad


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###