CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.024 Low
Percentile: 89.8%
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant
1.0 through 2.4 allows remote attackers to cause a denial of service
(out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm
message payload.
w1.fi/security/2015-4/
w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
www.openwall.com/lists/oss-security/2015/05/07/5
www.openwall.com/lists/oss-security/2015/05/31/6
launchpad.net/bugs/cve/CVE-2015-4143
nvd.nist.gov/vuln/detail/CVE-2015-4143
security-tracker.debian.org/tracker/CVE-2015-4143
ubuntu.com/security/notices/USN-2650-1
www.cve.org/CVERecord?id=CVE-2015-4143