wpa_supplicant and hostapd vulnerabilities


It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326) It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695)

Affected Package

OS OS Version Package Name Package Version
Ubuntu 20.10 hostapd 2:2.9-1ubuntu8.1
Ubuntu 20.10 wpasupplicant 2:2.9-1ubuntu8.1
Ubuntu 20.04 hostapd 2:2.9-1ubuntu4.2
Ubuntu 20.04 hostapd-dbgsym 2:2.9-1ubuntu4.2
Ubuntu 20.04 wpagui 2:2.9-1ubuntu4.2
Ubuntu 20.04 wpagui-dbgsym 2:2.9-1ubuntu4.2
Ubuntu 20.04 wpasupplicant 2:2.9-1ubuntu4.2
Ubuntu 20.04 wpasupplicant-dbgsym 2:2.9-1ubuntu4.2
Ubuntu 20.04 wpasupplicant-udeb 2:2.9-1ubuntu4.2
Ubuntu 18.04 hostapd 2:2.6-15ubuntu2.7
Ubuntu 18.04 hostapd-dbgsym 2:2.6-15ubuntu2.7
Ubuntu 18.04 wpagui 2:2.6-15ubuntu2.7
Ubuntu 18.04 wpagui-dbgsym 2:2.6-15ubuntu2.7
Ubuntu 18.04 wpasupplicant 2:2.6-15ubuntu2.7
Ubuntu 18.04 wpasupplicant-dbgsym 2:2.6-15ubuntu2.7
Ubuntu 18.04 wpasupplicant-udeb 2:2.6-15ubuntu2.7
Ubuntu 16.04 hostapd 1:2.4-0ubuntu6.7
Ubuntu 16.04 hostapd-dbgsym 1:2.4-0ubuntu6.7
Ubuntu 16.04 wpagui 1:2.4-0ubuntu6.7
Ubuntu 16.04 wpagui-dbgsym 1:2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant 1:2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant-dbgsym 1:2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant-udeb 1:2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant-udeb-dbgsym 1:2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant 2.4-0ubuntu6.7
Ubuntu 16.04 hostapd 2.4-0ubuntu6.7
Ubuntu 16.04 hostapd-dbgsym 2.4-0ubuntu6.7
Ubuntu 16.04 wpagui 2.4-0ubuntu6.7
Ubuntu 16.04 wpagui-dbgsym 2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant-dbgsym 2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant-udeb 2.4-0ubuntu6.7
Ubuntu 16.04 wpasupplicant-udeb-dbgsym 2.4-0ubuntu6.7