An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
Se detectó un problema en el kernel en OpenBSD versión 6.6. Las implementaciones WEP, WPA, WPA2 y WPA3 tratan las tramas fragmentadas como tramas completas. Un adversario puede abusar de esto para inyectar paquetes de red arbitrarios, independientemente de la configuración de la red
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | HIGH |
| Availability Impact | NONE |
AV:N/AC:H/Au:N/C:N/I:P/A:N
| Access Vector | NETWORK |
|---|---|
| Access Complexity | HIGH |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-74
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| openbsd | openbsd | 6.6 | <built-in method update of dict object at 0x72a9cc60c840> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:* |