CVE-2015-4146
wpa_supplicant 1.0-2.4 - Denial of Service via EAP-pwd Fragmentation Handling
Title source: llmDescription
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
References (8)
Core 8
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/31/6
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3397
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/09/6
Various Sources x_refsource_confirm
http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201606-17
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2650-1
Vendor Advisory x_refsource_confirm
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
Scores
EPSS
0.0131
EPSS Percentile
80.1%
Details
Status
published
Products (16)
opensuse/opensuse
13.1
opensuse/opensuse
13.2
w1.fi/hostapd
1.0
w1.fi/hostapd
1.1
w1.fi/hostapd
2.0
w1.fi/hostapd
2.1
w1.fi/hostapd
2.2
w1.fi/hostapd
2.3
w1.fi/hostapd
2.4
w1.fi/wpa_supplicant
1.0
... and 6 more
Published
Jun 15, 2015
Tracked Since
Feb 18, 2026