logo
DATABASE RESOURCES PRICING ABOUT US

wpa - security update

Description

Several vulnerabilities have been discovered in wpa\_supplicant and hostapd. * [CVE-2020-12695](https://security-tracker.debian.org/tracker/CVE-2020-12695) It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service. * [CVE-2021-0326](https://security-tracker.debian.org/tracker/CVE-2021-0326) It was discovered that wpa\_supplicant does not properly process P2P (Wi-Fi Direct) group information from active group owners. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code. * [CVE-2021-27803](https://security-tracker.debian.org/tracker/CVE-2021-27803) It was discovered that wpa\_supplicant does not properly process P2P (Wi-Fi Direct) provision discovery requests. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code. For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3. We recommend that you upgrade your wpa packages. For the detailed security status of wpa please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/wpa>


Affected Software


CPE Name Name Version
wpa 2:2.7+git20190128+0c1e29f-6
wpa 2:2.7+git20190128+0c1e29f-6+deb10u1
wpa 2:2.7+git20190128+0c1e29f-6+deb10u2

Related