Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=365897
secunia.com/advisories/19966
secunia.com/advisories/20195
secunia.com/advisories/20265
www.debian.org/security/2006/dsa-1065
www.mandriva.com/security/advisories?name=MDKSA-2006:088
www.osvdb.org/25233
www.securityfocus.com/bid/17846
www.vupen.com/english/advisories/2006/1657
exchange.xforce.ibmcloud.com/vulnerabilities/26239