CVE-2021-30004

MEDIUM

hostapd and wpa_supplicant - Forging Attack via AlgorithmIdentifier Mishandling

Title source: llm
STIX 2.1

Description

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

References (2)

Core 2

Scores

CVSS v3 5.3
EPSS 0.0167
EPSS Percentile 73.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (2)
w1.fi/hostapd 2.9
w1.fi/wpa_supplicant 2.9
Published Apr 02, 2021
Tracked Since Feb 18, 2026