Lucene search

K
ubuntuUbuntuUSN-4734-1
HistoryFeb 11, 2021 - 12:00 a.m.

wpa_supplicant and hostapd vulnerabilities

2021-02-1100:00:00
ubuntu.com
157

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

8.5 High

AI Score

Confidence

High

7.9 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

76.9%

Releases

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • wpa - client support for WPA and WPA2

Details

It was discovered that wpa_supplicant did not properly handle P2P
(Wi-Fi Direct) group information in some situations, leading to a
heap overflow. A physically proximate attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2021-0326)

It was discovered that hostapd did not properly handle UPnP subscribe
messages in some circumstances. An attacker could use this to cause a
denial of service. (CVE-2020-12695)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.10noarchhostapd< 2:2.9-1ubuntu8.1UNKNOWN
Ubuntu20.10noarchhostapd-dbgsym< 2:2.9-1ubuntu8.1UNKNOWN
Ubuntu20.10noarchwpagui< 2:2.9-1ubuntu8.1UNKNOWN
Ubuntu20.10noarchwpagui-dbgsym< 2:2.9-1ubuntu8.1UNKNOWN
Ubuntu20.10noarchwpasupplicant< 2:2.9-1ubuntu8.1UNKNOWN
Ubuntu20.10noarchwpasupplicant-dbgsym< 2:2.9-1ubuntu8.1UNKNOWN
Ubuntu20.10noarchwpasupplicant-udeb< 2:2.9-1ubuntu8.1UNKNOWN
Ubuntu20.04noarchhostapd< 2:2.9-1ubuntu4.2UNKNOWN
Ubuntu20.04noarchhostapd-dbgsym< 2:2.9-1ubuntu4.2UNKNOWN
Ubuntu20.04noarchwpagui< 2:2.9-1ubuntu4.2UNKNOWN
Rows per page:
1-10 of 291

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

8.5 High

AI Score

Confidence

High

7.9 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

76.9%