CVE-2017-11668

{"id": "CVE-2017-11668", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-07-31T17:29:00.177", "references": [{"url": "http://openwall.com/lists/oss-security/2017/07/31/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic."}, {"lang": "es", "value": "Un fallo de lectura fuera de l\u00edmites relacionado con la funci\u00f3n assess_packet en el archivo eapmd5pass.c:134, se encontr\u00f3 en la manera en que el eapmd5pass versi\u00f3n 1.4 manej\u00f3 el procesamiento de los paquetes de red. Un atacante remoto podr\u00eda usar potencialmente este fallo para bloquear el proceso de eapmd5pass bajo ciertas circunstancias mediante la generaci\u00f3n de un tr\u00e1fico de red especialmente creado."}], "lastModified": "2017-08-14T15:31:06.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eapmd5pass_project:eapmd5pass:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "622671BD-2F33-4F6A-B47C-6A09FE428C09"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}