The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.1%