Wpa Supplicant Security Vulnerabilities and Issues — Wpa Supplicant CVE List

Lucene search

W1.fiWpa Supplicant

8 matches found

CVE•added 2019/09/12 8:15 p.m.•454 views

CVE-2019-16275

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a cra...

6.5CVSS6.3AI score0.00737EPSS

CVE•added 2019/04/26 10:29 p.m.•355 views

CVE-2019-11555

The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (den...

5.9CVSS6AI score0.14123EPSS

CVE•added 2019/04/17 2:29 p.m.•242 views

CVE-2019-9499

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection w...

8.1CVSS8AI score0.01603EPSS

CVE•added 2019/04/17 2:29 p.m.•237 views

CVE-2019-9494

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hos...

5.9CVSS6.5AI score0.01538EPSS

CVE•added 2019/04/17 2:29 p.m.•222 views

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful att...

4.3CVSS6.7AI score0.04562EPSS

CVE•added 2019/04/17 2:29 p.m.•219 views

CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not imp...

8.1CVSS8AI score0.1169EPSS

CVE•added 2019/04/17 2:29 p.m.•218 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaini...

8.1CVSS7.9AI score0.01603EPSS

CVE•added 2019/04/17 2:29 p.m.•172 views

CVE-2019-9496

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, p...

7.5CVSS6.6AI score0.03119EPSS