CVE-2015-4141
15.06.2015, 15:59
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.Enginsight
| Vendor | Product | Version |
|---|---|---|
| w1.fi | wpa_supplicant | 0.7.0 |
| w1.fi | wpa_supplicant | 0.7.1 |
| w1.fi | wpa_supplicant | 0.7.2 |
| w1.fi | wpa_supplicant | 0.7.3 |
| w1.fi | wpa_supplicant | 1.0 |
| w1.fi | wpa_supplicant | 1.1 |
| w1.fi | wpa_supplicant | 2.0 |
| w1.fi | wpa_supplicant | 2.1 |
| w1.fi | wpa_supplicant | 2.2 |
| w1.fi | wpa_supplicant | 2.3 |
| w1.fi | wpa_supplicant | 2.4 |
| w1.fi | hostapd | 0.7.0 |
| w1.fi | hostapd | 0.7.1 |
| w1.fi | hostapd | 0.7.2 |
| w1.fi | hostapd | 0.7.3 |
| w1.fi | hostapd | 1.0 |
| w1.fi | hostapd | 1.1 |
| w1.fi | hostapd | 2.0 |
| w1.fi | hostapd | 2.1 |
| w1.fi | hostapd | 2.2 |
| w1.fi | hostapd | 2.3 |
| w1.fi | hostapd | 2.4 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 13.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| hostapd |
| ||||||||||||||||
| wpa |
| ||||||||||||||||
| wpasupplicant |
|
Common Weakness Enumeration
References