AZL-58604 CVE-2025-24912 affecting package wpa_supplicant for versions less than 2.10-3

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...

SUSE CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service memory leak via a crafted message...

DEBIAN-CVE-2019-5062

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial...

UBUNTU-CVE-2019-16275

hostapd before 2.10 and wpasupplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF aka management frame protection. The attacker must send a...

DEBIAN-CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...