An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu | third party advisory vendor advisory |
| https://www.fragattacks.com | third party advisory |
| https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | third party advisory |
| http://www.openwall.com/lists/oss-security/2021/05/11/12 | third party advisory mailing list |
| https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | third party advisory |
| https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | third party advisory |