What is CVE-2015-1863?

CVE-2015-1863 is a vulnerability in W1.fi Wpa_supplicant, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-04-28.

Is CVE-2015-1863 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in W1.fi Wpa_supplicant

CVE-2015-1863

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or…

Vulnerability class: Buffer Overflow

EPSS: 0.085 (92.6th percentile) — read the EPSS interpretation.

Affected products

W1.fi Wpa_supplicant — versions 1.0, 1.1, 2.0
Canonical Ubuntu_linux — versions 14.04, 14.10, 15.04
Debian Debian_linux — versions 7.0, 8.0
Opensuse — versions 13.1, 13.2
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_hpc_node — versions 7.0
Redhat Enterprise_linux_hpc_node_eus — versions 7.1
Redhat Enterprise_linux_server — versions 7.0
Redhat Enterprise_linux_server_eus — versions 7.1
Redhat Enterprise_linux_workstation — versions 7.0

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
DSA-3233 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
20150423 [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow (mailing-list, x_refsource_BUGTRAQ)
USN-2577-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
openSUSE-SU-2015:0813 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
20150424 [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow (mailing-list, x_refsource_FULLDISC, Third Party Advisory, VDB Entry)
74296 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
GLSA-201606-17 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2015-1863?: CVE-2015-1863 is a vulnerability in W1.fi Wpa_supplicant, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-04-28.
Is CVE-2015-1863 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.