SUSE CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service memory leak via a crafted message...

USN-4757-1 wpa vulnerability

It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code...

UBUNTU-CVE-2015-8041

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpasupplicant before 2.5 allow remote attackers to cause a denial of service process crash or infinite loop via a large payload length field value in an 1 WPS or 2 P2P NFC NDEF record, which triggers an out-of-bounds...

DEBIAN-CVE-2015-4141

The WPS UPnP function in hostapd, when using WPS AP, and wpasupplicant, when using WPS external registrar ER, 0.7.0 through 2.4 allows remote attackers to cause a denial of service crash via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow...

UBUNTU-CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service memory leak via a crafted message...