Description
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/31/6
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3397
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201606-17
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2650-1
Vendor Advisory x_refsource_confirm
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/09/6
Scores
EPSS
0.0120
EPSS Percentile
79.2%
Details
CWE
CWE-119
Status
published
Products (16)
opensuse/opensuse
13.1
opensuse/opensuse
13.2
w1.fi/hostapd
1.0
w1.fi/hostapd
1.1
w1.fi/hostapd
2.0
w1.fi/hostapd
2.1
w1.fi/hostapd
2.2
w1.fi/hostapd
2.3
w1.fi/hostapd
2.4
w1.fi/wpa_supplicant
1.0
... and 6 more
Published
Jun 15, 2015
Tracked Since
Feb 18, 2026