CVE-2016-4477

2016-05-09T10:59:00
ID CVE-2016-4477
Type cve
Reporter cve@mitre.org
Modified 2017-10-23T01:29:00

Description

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.