Lucene search
K

764 matches found

Cvelist
Cvelist
added 2015/06/15 3:0 p.m.26 views

CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...

5.4AI score0.0348EPSS
Exploits0References8
CVE
CVE
added 2015/06/15 3:0 p.m.206 views

CVE-2015-4142

CVE-2015-4142 involves an integer underflow in the WMM Action frame processing when hostapd/wpa_supplicant run in AP mode (MLME/SME). A crafted frame can trigger an out-of-bounds read, potentially crashing the daemon. Affected products include hostapd and wpa_supplicant (various versions up to 2....

4.3CVSS5.4AI score0.04198EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2015/06/15 3:0 p.m.162 views

CVE-2015-4143

CVE-2015-4143 affects the EAP-pwd server/peer in hostapd and wpa_supplicant (versions 1.0–2.4), enabling remote denial of service via crafted payloads (Commit/Confirm). Root cause: missing payload length validation in EAP-pwd messages, causing out-of-bounds read and crash. Remediation: apply upda...

5CVSS5.1AI score0.03495EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2015/06/15 3:0 p.m.79 views

CVE-2015-4145

CVE-2015-4145 affects hostapd and wpa_supplicant (versions 1.0–2.4). The issue is in the EAP-pwd server/peer handling where a crafted message can cause a denial of service via a memory leak by not validating that a fragment is already being processed and by failing to validate payload length. Pub...

5CVSS5.6AI score0.03401EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2015/06/15 3:0 p.m.177 views

CVE-2015-4141

CVE-2015-4141 affects the WPS UPnP function in hostapd (WPS AP) and wpa_supplicant (WPS external registrar ER), with versions 0.7.0–2.4. The issue is a negative chunk length in HTTP chunked transfer encoding that enables an out-of-bounds read or heap-based buffer overflow, potentially leading to ...

4.3CVSS5.4AI score0.0299EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2015/06/15 3:0 p.m.102 views

CVE-2015-4146

The CVE-2015-4146 entry affects hostapd and wpa_supplicant (versions 1.0–2.4) via the EAP-pwd peer implementation. The root cause is that L and M flags are not cleared before fragmentation decisions, enabling remote attackers to trigger a denial of service (crash) with a crafted message. Public d...

5CVSS5.3AI score0.0348EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2015/06/15 3:0 p.m.29 views

CVE-2015-4144

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...

5.7AI score0.03401EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2015/06/15 3:0 p.m.34 views

CVE-2015-4144

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...

5CVSS5.7AI score0.03401EPSS
Exploits0
Debian CVE
Debian CVE
added 2015/06/15 3:0 p.m.43 views

CVE-2015-4141

The WPS UPnP function in hostapd, when using WPS AP, and wpasupplicant, when using WPS external registrar ER, 0.7.0 through 2.4 allows remote attackers to cause a denial of service crash via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow...

4.3CVSS6.4AI score0.0299EPSS
Exploits0
Debian CVE
Debian CVE
added 2015/06/15 3:0 p.m.30 views

CVE-2015-4142

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpasupplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service crash via a crafted frame, which triggers an out-of-bounds read...

4.3CVSS6.4AI score0.04198EPSS
Exploits0
Debian CVE
Debian CVE
added 2015/06/15 3:0 p.m.38 views

CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...

5CVSS5.4AI score0.0348EPSS
Exploits0
Debian CVE
Debian CVE
added 2015/06/15 3:0 p.m.46 views

CVE-2015-4143

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted 1 Commit or 2 Confirm message payload...

5CVSS6.2AI score0.03495EPSS
Exploits0
CVE
CVE
added 2015/06/15 3:0 p.m.83 views

CVE-2015-4144

CVE-2015-4144 affects hostapd and wpa_supplicant EAP-pwd server/peer implementations (versions 1.0–2.4). The issue is missing validation that a message is long enough to contain the Total-Length field, enabling a remote attacker to trigger a denial of service (crash) via crafted messages. The lin...

5CVSS5.6AI score0.03401EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/06/10 12:0 a.m.36 views

SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2015:1013-1)

wpasupplicant was updated to fix three security issues : - CVE-2015-0210: wpasupplicant: broken certificate subject check this adds the 'domainmatch' config option from upstream additional to the already existing domainsuffixmatch - CVE-2014-3686: hostapd command execution - CVE-2015-1863: P2P SS...

6.8CVSS6.5AI score0.05228EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2015/06/09 12:0 a.m.11 views

Fedora Update for hostapd FEDORA-2015-8386

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2015/06/09 12:0 a.m.11 views

Fedora Update for hostapd FEDORA-2015-8336

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/06/03 12:0 a.m.41 views

FreeBSD : hostapd and wpa_supplicant -- multiple vulnerabilities (bbc0db92-084c-11e5-bb90-002590263bf5)

Jouni Malinen reports : WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-414...

5CVSS6AI score0.04198EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2015/06/01 12:0 a.m.27 views

CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...

5CVSS6.6AI score0.0348EPSS
Exploits0References6
OSV
OSV
added 2015/06/01 12:0 a.m.2 views

UBUNTU-CVE-2015-4144

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...

5CVSS6.6AI score0.03401EPSS
Exploits0References8
OSV
OSV
added 2015/06/01 12:0 a.m.3 views

UBUNTU-CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...

5CVSS6.6AI score0.0348EPSS
Exploits0References7
Rows per page
Query Builder