Vulnerability in W1.fi Hostapd
CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of servic…
EPSS: 0.013 (80.2th percentile) — read the EPSS interpretation.
Affected products
- W1.fi Hostapd — versions 1.0, 1.1, 2.0
- W1.fi Wpa_supplicant — versions 1.0, 1.1, 2.0
- Opensuse — versions 13.1, 13.2
- N/a — versions n/a
References
- [oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd (mailing-list, x_refsource_MLIST)
- cve@mitre.org (x_refsource_CONFIRM)
- DSA-3397 (vendor-advisory, x_refsource_DEBIAN)
- GLSA-201606-17 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- USN-2650-1 (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- openSUSE-SU-2015:1030 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- [oss-security] 20150509 Re: CVE request: vulnerability in wpa_supplicant and hostapd (mailing-list, x_refsource_MLIST)