CVE-2015-5310

MEDIUM

wpa_supplicant 2.x <2.6 - DoS

Title source: llm

Description

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.

References (7)

[Vendor Advisory] http://source.android.com/security/bulletin/2016-01-01.html

[Various Sources] http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034592

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2808-1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/77541

[Third Party Advisory] http://www.debian.org/security/2015/dsa-3397

[Mailing List] http://www.openwall.com/lists/oss-security/2015/11/10/9

Scores

CVSS v3 4.3

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (5)

google/android

google/android

google/android

google/android

google/android

Timeline

Published Jan 06, 2016

Tracked Since Feb 18, 2026