CVE-2015-4141
wpa_supplicant 0.7.0-2.4 and hostapd 0.7.0-2.4 - Denial of Service via Negative Chunk Length in WPS UPnP
Title source: llmDescription
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/31/6
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3397
Vendor Advisory x_refsource_confirm
http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201606-17
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2650-1
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/09/4
Scores
EPSS
0.0146
EPSS Percentile
81.1%
Details
CWE
CWE-119
Status
published
Products (24)
opensuse/opensuse
13.1
opensuse/opensuse
13.2
w1.fi/hostapd
0.7.0
w1.fi/hostapd
0.7.1
w1.fi/hostapd
0.7.2
w1.fi/hostapd
0.7.3
w1.fi/hostapd
1.0
w1.fi/hostapd
1.1
w1.fi/hostapd
2.0
w1.fi/hostapd
2.1
... and 14 more
Published
Jun 15, 2015
Tracked Since
Feb 18, 2026