CVE-2015-4145

hostapd and wpa_supplicant 1.0-2.4 - Denial of Service via EAP-pwd Fragment Processing

Title source: llm

Description

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.

References (7)

Core 7

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/05/31/6

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3397

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2650-1

Vendor Advisory x_refsource_confirm

http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/05/09/6

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201606-17

Scores

EPSS 0.0120

EPSS Percentile 79.2%

Details

CWE

CWE-399

Status published

Products (16)

opensuse/opensuse 13.1

opensuse/opensuse 13.2

w1.fi/hostapd 1.0

w1.fi/hostapd 1.1

w1.fi/hostapd 2.0

w1.fi/hostapd 2.1

w1.fi/hostapd 2.2

w1.fi/hostapd 2.3

w1.fi/hostapd 2.4

w1.fi/wpa_supplicant 1.0

... and 6 more

Published Jun 15, 2015

Tracked Since Feb 18, 2026