CVE-2019-17133: Buffer Overflow

Published Oct 4, 2019

A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code.

Other sources

A vulnerability was found in the Linux kernel's generic WiFi management system, in the function cfg80211_mgd_wext_giwessid. Many of the WiFi drivers use this software, and if an attacker could trick or coerce a system into joining a WiFi network with an ESSID longer than the standard allows, the ESSID data could corrupt kernel stack memory and possibly escalate privileges.

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ac2813cc867ae563a1ba5a9414bfb554e5796fa

Red Hat

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the cfg80211_mgd_wext_giwessid function in net/wireless/wext-sme.c. By sending an overly long SSID IE, a remote attacker could overflow a buffer and execute arbitrary code on the system.

IBM
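
The descriptions above come down to one missing check: the SSID element's own length byte can be anything from 0 to 255, while the destination holds 32 bytes. The following is an added user-space example, not the kernel's code or the referenced commit; `find_ie`, `get_ssid`, `ssid_result` and the sample buffers are hypothetical names constructed here to show the length check that rejects a long SSID element before it is copied.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define EID_SSID     0   /* 802.11 element ID of the SSID element */
#define SSID_MAX_LEN 32  /* maximum SSID length, as stated on this page */

/* Walk [id][len][payload] elements and return the first one with this id.
 * An element that claims to run past the buffer end stops the walk. */
static const uint8_t *find_ie(uint8_t id, const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (len - off >= 2) {
        size_t elen = buf[off + 1];
        if (elen > len - off - 2)
            return NULL;                    /* truncated element */
        if (buf[off] == id)
            return buf + off;
        off += 2 + elen;
    }
    return NULL;
}

/* Copy the SSID into a fixed 32-byte buffer. The length byte comes from the
 * network (0..255), so it is checked against the buffer before memcpy. */
static int get_ssid(const uint8_t *ies, size_t n, uint8_t *ssid, size_t *ssid_len)
{
    const uint8_t *ie = find_ie(EID_SSID, ies, n);
    if (!ie)
        return -ENOENT;
    if (ie[1] > SSID_MAX_LEN)
        return -EINVAL;                     /* reject the long SSID element */
    memcpy(ssid, ie + 2, ie[1]);
    *ssid_len = ie[1];
    return 0;
}

/* Constructed sample buffers (not captured traffic). */
static const uint8_t ok_ies[] = { 1, 1, 0x82, 0, 4, 'h', 'o', 'm', 'e' };
static const uint8_t long_ies[2 + 33] = { 0, 33 };  /* claims 33 bytes */

/* Hypothetical helper: SSID length on success, negative errno otherwise. */
int ssid_result(const uint8_t *ies, size_t n)
{
    uint8_t ssid[SSID_MAX_LEN];
    size_t len = 0;
    int rc = get_ssid(ies, n, ssid, &len);
    return rc ? rc : (int)len;
}
```

Without the `ie[1] > SSID_MAX_LEN` test, the 33-byte sample would write one byte past `ssid`, the same class of stack overwrite the descriptions refer to.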

Affected Software

24 affected components (fix version shown where available)
redhat/kernel < 0:2.6.32-754.28.1.el6 (fix: 0:2.6.32-754.28.1.el6)
redhat/kernel-rt < 0:3.10.0-1062.12.1.rt56.1042.el7 (fix: 0:3.10.0-1062.12.1.rt56.1042.el7)
redhat/kernel-alt < 0:4.14.0-115.17.1.el7a (fix: 0:4.14.0-115.17.1.el7a)
redhat/kernel < 0:3.10.0-1062.12.1.el7 (fix: 0:3.10.0-1062.12.1.el7)
redhat/kernel < 0:3.10.0-327.85.1.el7 (fix: 0:3.10.0-327.85.1.el7)
redhat/kernel < 0:3.10.0-514.73.1.el7 (fix: 0:3.10.0-514.73.1.el7)
redhat/kernel < 0:3.10.0-693.64.1.el7 (fix: 0:3.10.0-693.64.1.el7)
redhat/kernel < 0:3.10.0-862.48.1.el7 (fix: 0:3.10.0-862.48.1.el7)
redhat/kernel < 0:3.10.0-957.46.1.el7 (fix: 0:3.10.0-957.46.1.el7)
redhat/kernel-rt < 1:3.10.0-693.64.1.rt56.662.el6 (fix: 1:3.10.0-693.64.1.rt56.662.el6)
IBM Data Risk Manager <= 2.0.6
Linux Linux kernel >= 2.6.32, < 3.16.77
Linux Linux kernel >= 3.17, < 4.4.198
Linux Linux kernel >= 4.5, < 4.9.198
Linux Linux kernel >= 4.10, < 4.14.151
Linux Linux kernel >= 4.15, < 4.19.81
Linux Linux kernel >= 4.20, < 5.3.8
Debian Debian Linux = 8.0
Canonical Ubuntu Linux = 14.04
Canonical Ubuntu Linux = 16.04
Canonical Ubuntu Linux = 18.04
Canonical Ubuntu Linux = 19.04
openSUSE Leap = 15.1
debian/linux: 5.10.223-1, 5.10.257-1, 6.1.170-3, 6.1.174-1, 6.12.86-1, 6.12.90-2, 7.0.10-1, 7.0.12-1

Event History

Oct 4, 2019
CVE Published, 12:00 AM
CVE Published, via MITRE, 11:57 AM
Data Sourced, via MITRE, 11:57 AM: Description
Nov 13, 2019
Data Sourced, via Red Hat, 08:43 AM: Description, Severity, Affected Software
Aug 6, 2025
Data Sourced, via Launchpad, 04:26 AM: Description
May 23, 2026
Data Sourced, via Ubuntu, 09:31 AM: Remedy, Description, Severity, Affected Software
Jun 10, 2026
Data Sourced, via Debian, 09:54 AM: Description, Affected Software
Frequently Asked Questions

1. What is the severity of CVE-2019-17133?

CVE-2019-17133 has been classified as a high severity vulnerability due to its potential to cause system crashes and arbitrary code execution.

2. How do I fix CVE-2019-17133?

To fix CVE-2019-17133, update the Linux kernel to a version that includes the fix for this vulnerability.

3. Which Linux distributions are affected by CVE-2019-17133?

CVE-2019-17133 affects various Linux distributions, including specific versions of Red Hat, Debian, and Ubuntu.

4. What impact does CVE-2019-17133 have on a system?

CVE-2019-17133 can enable an attacker to crash the system or execute arbitrary code by exploiting the vulnerability in WiFi ESSID handling.

5. Is CVE-2019-17133 being actively exploited?

There is no public evidence confirming that CVE-2019-17133 is actively being exploited in the wild, but it remains a critical vulnerability that should be addressed promptly.
