CVE-2015-4141

2015-06-1515:59:00

CWE-119

[email protected]

web.nvd.nist.gov

120

wps

upnp

hostapd

wpa_supplicant

denial of service

crash

cve-2015-4141

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.028 Low

EPSS

Percentile

90.5%

JSON

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

CPENameOperatorVersion
w1.fi:wpa_supplicantw1.fi wpa supplicanteq2.3
w1.fi:wpa_supplicantw1.fi wpa supplicanteq0.7.1
w1.fi:wpa_supplicantw1.fi wpa supplicanteq2.1
w1.fi:wpa_supplicantw1.fi wpa supplicanteq2.2
w1.fi:wpa_supplicantw1.fi wpa supplicanteq1.0
w1.fi:wpa_supplicantw1.fi wpa supplicanteq2.4
w1.fi:wpa_supplicantw1.fi wpa supplicanteq0.7.0
w1.fi:wpa_supplicantw1.fi wpa supplicanteq0.7.3
w1.fi:wpa_supplicantw1.fi wpa supplicanteq1.1
w1.fi:wpa_supplicantw1.fi wpa supplicanteq0.7.2

CPE	Name	Operator	Version
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	2.3
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	0.7.1
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	2.1
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	2.2
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	1.0
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	2.4
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	0.7.0
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	0.7.3
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	1.1
w1.fi:wpa_supplicant	w1.fi wpa supplicant	eq	0.7.2