764 matches found
CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...
CVE-2015-4142
CVE-2015-4142 involves an integer underflow in the WMM Action frame processing when hostapd/wpa_supplicant run in AP mode (MLME/SME). A crafted frame can trigger an out-of-bounds read, potentially crashing the daemon. Affected products include hostapd and wpa_supplicant (various versions up to 2....
CVE-2015-4143
CVE-2015-4143 affects the EAP-pwd server/peer in hostapd and wpa_supplicant (versions 1.0–2.4), enabling remote denial of service via crafted payloads (Commit/Confirm). Root cause: missing payload length validation in EAP-pwd messages, causing out-of-bounds read and crash. Remediation: apply upda...
CVE-2015-4145
CVE-2015-4145 affects hostapd and wpa_supplicant (versions 1.0–2.4). The issue is in the EAP-pwd server/peer handling where a crafted message can cause a denial of service via a memory leak by not validating that a fragment is already being processed and by failing to validate payload length. Pub...
CVE-2015-4141
CVE-2015-4141 affects the WPS UPnP function in hostapd (WPS AP) and wpa_supplicant (WPS external registrar ER), with versions 0.7.0–2.4. The issue is a negative chunk length in HTTP chunked transfer encoding that enables an out-of-bounds read or heap-based buffer overflow, potentially leading to ...
CVE-2015-4146
The CVE-2015-4146 entry affects hostapd and wpa_supplicant (versions 1.0–2.4) via the EAP-pwd peer implementation. The root cause is that L and M flags are not cleared before fragmentation decisions, enabling remote attackers to trigger a denial of service (crash) with a crafted message. Public d...
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...
CVE-2015-4141
The WPS UPnP function in hostapd, when using WPS AP, and wpasupplicant, when using WPS external registrar ER, 0.7.0 through 2.4 allows remote attackers to cause a denial of service crash via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow...
CVE-2015-4142
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpasupplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service crash via a crafted frame, which triggers an out-of-bounds read...
CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...
CVE-2015-4143
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted 1 Commit or 2 Confirm message payload...
CVE-2015-4144
CVE-2015-4144 affects hostapd and wpa_supplicant EAP-pwd server/peer implementations (versions 1.0–2.4). The issue is missing validation that a message is long enough to contain the Total-Length field, enabling a remote attacker to trigger a denial of service (crash) via crafted messages. The lin...
SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2015:1013-1)
wpasupplicant was updated to fix three security issues : - CVE-2015-0210: wpasupplicant: broken certificate subject check this adds the 'domainmatch' config option from upstream additional to the already existing domainsuffixmatch - CVE-2014-3686: hostapd command execution - CVE-2015-1863: P2P SS...
Fedora Update for hostapd FEDORA-2015-8386
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for hostapd FEDORA-2015-8336
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : hostapd and wpa_supplicant -- multiple vulnerabilities (bbc0db92-084c-11e5-bb90-002590263bf5)
Jouni Malinen reports : WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-414...
CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...
UBUNTU-CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...
UBUNTU-CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not clear the L Length and M More flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service crash via a crafted message...