CVE-2017-11121

Published: Sep 28, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

Affected (3)

Products: Broadcom: Bcm4355c0 Firmware · Apple: Iphone Os, Tvos

1 product

Bcm4355c0 Firmware

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Broadcom Bcm4355c0 Firmware	Version 9.44.78.27.0.1.56

Running on/with	Platform Versions
Broadcom Bcm4355c0	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 11.0
Apple Tvos	Before 11.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/100984

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.chromium.org/p/project-zero/issues/detail?id=1291

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://source.android.com/security/bulletin/2017-09-01

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/HT208112

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/HT208113

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/en-us/HT208112

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/en-us/HT208113

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/100984

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.chromium.org/p/project-zero/issues/detail?id=1291

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://source.android.com/security/bulletin/2017-09-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/HT208112

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/HT208113

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/en-us/HT208112

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/en-us/HT208113

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.