CVE-2015-4143

wpa_supplicant and hostapd 1.0-2.4 - Denial of Service via EAP-pwd Commit or Confirm Message Payload

Title source: llm

Description

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.

References (7)

Core 7

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/05/31/6

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3397

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201606-17

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2650-1

Vendor Advisory x_refsource_confirm

http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/05/09/6

Scores

EPSS 0.0120

EPSS Percentile 79.2%

Details

CWE

CWE-119

Status published

Products (16)

opensuse/opensuse 13.1

opensuse/opensuse 13.2

w1.fi/hostapd 1.0

w1.fi/hostapd 1.1

w1.fi/hostapd 2.0

w1.fi/hostapd 2.1

w1.fi/hostapd 2.2

w1.fi/hostapd 2.3

w1.fi/hostapd 2.4

w1.fi/wpa_supplicant 1.0

... and 6 more

Published Jun 15, 2015

Tracked Since Feb 18, 2026