{"id":"CVE-2019-9502","details":"The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.","aliases":["A-130374366","ASB-A-130374366"],"modified":"2026-03-14T14:42:02.102230Z","published":"2020-02-03T21:15:11.547Z","references":[{"type":"ADVISORY","url":"https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"},{"type":"ADVISORY","url":"https://kb.cert.org/vuls/id/166939/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9502.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}