Unrated severityNVD Advisory· Published Oct 10, 2012· Updated Apr 29, 2026
CVE-2012-4445
CVE-2012-4445
Description
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
Affected products
13cpe:2.3:a:w1.fi:hostapd:0.6.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:w1.fi:hostapd:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- secunia.com/advisories/50805nvdVendor Advisory
- secunia.com/advisories/50888nvdVendor Advisory
- osvdb.org/86051nvd
- www.debian.org/security/2012/dsa-2557nvd
- www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.ascnvd
- www.mandriva.com/security/advisoriesnvd
- www.openwall.com/lists/oss-security/2012/10/08/3nvd
- www.pre-cert.de/advisories/PRE-SA-2012-07.txtnvd
- www.securityfocus.com/bid/55826nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/79104nvd
News mentions
0No linked articles in our index yet.