CVE-2020-26145
- Source
- https://cve.org/CVERecord?id=CVE-2020-26145
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26145.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-26145
- Aliases
-
- 2860245
- 2868035
- 2893212
- A-177910901
- ASB-A-177910901
- Downstream
- Related
- Published
- 2021-05-11T20:15:08.873Z
- Modified
- 2026-02-11T01:12:46.367245Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
- References
-
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://www.fragattacks.com
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- http://www.openwall.com/lists/oss-security/2021/05/11/12
Affected packages
Git / github.com/vanhoefm/fragattacks
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vanhoefm/fragattacks
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
aosp-jb-start
aosp-kk-from-upstream
hostap-1-bp
hostap_0_6_3
hostap_0_6_4
hostap_0_6_5
hostap_0_6_6
hostap_0_6_7
hostap_0_7_0
hostap_0_7_1
hostap_0_7_2
hostap_2_0
hostap_2_1
hostap_2_2
hostap_2_3
hostap_2_4
hostap_2_5
hostap_2_6
hostap_2_7
hostap_2_8
hostap_2_9
v1.*
v1.0
v1.1