Problem description:
An integer overflow in the handling of corrupt IEEE 802.11
beacon or probe response frames when scanning for existing
wireless networks can result in the frame overflowing a
buffer.
Impact:
An attacker able broadcast a carefully crafted beacon or
probe response frame may be able to execute arbitrary code
within the context of the FreeBSD kernel on any system
scanning for wireless networks.
Workaround:
No workaround is available, but systems without IEEE 802.11
hardware or drivers loaded are not vulnerable.