Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-4477
HistoryMay 09, 2016 - 12:00 a.m.

CVE-2016-4477

2016-05-0900:00:00
ubuntu.com
ubuntu.com
18

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.1%

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in
passphrase parameters, which allows local users to trigger arbitrary
library loading and consequently gain privileges, or cause a denial of
service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3)
SET_NETWORK command.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu18.04noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu18.10noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu19.04noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu19.10noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu20.04noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu20.10noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu21.04noarchwpa<Β 2.4-0ubuntu10UNKNOWN
ubuntu14.04noarchwpa<Β 2.1-0ubuntu1.5UNKNOWN
ubuntu16.04noarchwpa<Β 2.4-0ubuntu6.2UNKNOWN
Rows per page:
1-10 of 111

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.1%