Vulnerability Description
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openbsd | 6.6 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wThird Party Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-sThird Party Advisory
- https://www.fragattacks.comThird Party Advisory
- http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing ListThird Party Advisory
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wThird Party Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-sThird Party Advisory
- https://www.fragattacks.comThird Party Advisory
FAQ
What is CVE-2020-26142?
CVE-2020-26142 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packe...
How severe is CVE-2020-26142?
CVE-2020-26142 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26142?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openbsd.