SB2020061072 - Input validation error in hostapd (Alpine package)
Published: June 10, 2020 Updated: August 7, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2020-12695)
The vulnerability allows a remote attacker to perform a distributed denial of service (DDoS) attack.
The vulnerability exists due to a CallStranger issue in the UPnP SUBSCRIBE functionality. A remote attacker can send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=16ccc2f3febe701ce5b1c5cfa83c822729480626
- https://git.alpinelinux.org/aports/commit/?id=3573424f4f898daf3b99b6e846ab1a45b82f0de6
- https://git.alpinelinux.org/aports/commit/?id=76596d9eb38d659caa8131cd6128b122b300df39
- https://git.alpinelinux.org/aports/commit/?id=8bb1a68c689e48391e3d115209665b549415b346
- https://git.alpinelinux.org/aports/commit/?id=a6aa0ed429367e9125b72d7642fd2c2dc35d92dc