diff options
author | Philip Paeps <philip@FreeBSD.org> | 2022-03-16 15:42:27 +0800 |
---|---|---|
committer | Philip Paeps <philip@FreeBSD.org> | 2022-03-16 15:42:27 +0800 |
commit | b8a6a61b87b7e51d368c36091d6f5a36bb4f4a94 (patch) | |
tree | eadb83d0df426f4d50e8432344844e28b3bace24 | |
parent | lang/libhx: update the port to version 4.3 (diff) |
security/vuxml: add FreeBSD SA-22:02.wifi
-rw-r--r-- | security/vuxml/vuln-2022.xml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index efedcc39aa5a..377563dbe782 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,42 @@ + <vuln vid="8d20bd48-a4f3-11ec-90de-1c697aa5a594"> + <topic>FreeBSD-kernel -- Multiple WiFi issues</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>13.0</ge><lt>13.0_8</lt></range> + <range><ge>12.3</ge><lt>12.3_3</lt></range> + <range><ge>12.2</ge><lt>12.2_14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The paper "Fragment and Forge: Breaking Wi-Fi Through Frame + Aggregation and Fragmentation" reported a number of security + vulnerabilities in the 802.11 specification related to frame + aggregation and fragmentation.</p> + <p>Additionally, FreeBSD 12.x missed length validation of SSIDs and + Information Elements (IEs).</p> + <h1>Impact:</h1> + <p>As reported on the FragAttacks website, the "design flaws are hard + to abuse because doing so requires user interaction or is only + possible when using uncommon network settings." Under suitable + conditions an attacker may be able to extract sensitive data or inject + data.</p> + </body> + </description> + <references> + <cvename>CVE-2020-26147</cvename> + <cvename>CVE-2020-24588</cvename> + <cvename>CVE-2020-26144</cvename> + <freebsdsa>SA-22:02.wifi</freebsdsa> + </references> + <dates> + <discovery>2022-03-15</discovery> + <entry>2022-03-16</entry> + </dates> + </vuln> + <vuln vid="857be71a-a4b0-11ec-95fc-3065ec8fd3ec"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |