CVE-2015-5316

The CVE-2015-5316 issue affects wpa_supplicant (2.x) prior to 2.6, in the eap_pwd_perform_confirm_exchange function inside eap_pwd.c. When EAP-pwd is enabled in a network profile, processing an EAP-pwd Confirm message followed by the Identity exchange can trigger a NULL pointer dereference, leadi...

FreeBSD : hostapd and wpa_supplicant -- multiple vulnerabilities (976567f6-05c5-11e6-94fa-002590263bf5)

Jouni Malinen reports : wpasupplicant unauthorized WNM Sleep Mode GTK control. 2015-6 - CVE-2015-5310 EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 EAP-pwd peer error path failure on unexpected Confirm message. 2015-8 - CVE-2015-5316 %NASLMINLEVEL 70300 C Tenable Network...

Ubuntu: Security Advisory (USN-2808-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3397-1 : wpa - security update

Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked...

USN-2808-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpasupplicant incorrectly handled WMM Sleep Mode Response frame processing. A remote attacker could use this issue to perform broadcast/multicast packet injections, or cause a denial of service. CVE-2015-5310 It was discovered that wpasupplicant and hostapd incorrectly...