The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
References
Link | Resource |
---|---|
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html | Third Party Advisory |
https://kb.cert.org/vuls/id/166939/ | Third Party Advisory US Government Resource |
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html | Third Party Advisory |
https://kb.cert.org/vuls/id/166939/ | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 04:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html - Third Party Advisory | |
References | () https://kb.cert.org/vuls/id/166939/ - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : 8.3
v3 : 7.9 |
Information
Published : 2020-02-03 21:15
Updated : 2024-11-21 04:51
NVD link : CVE-2019-9502
Mitre link : CVE-2019-9502
CVE.ORG link : CVE-2019-9502
JSON object : View
Products Affected
broadcom
- bcm4339
- bcm4339_firmware
synology
- router_manager