CVE-2015-4143 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Affected Products (NVD)

Vendor	Product	Version
w1.fi	wpa_supplicant	1.0
w1.fi	wpa_supplicant	1.1
w1.fi	wpa_supplicant	2.0
w1.fi	wpa_supplicant	2.1
w1.fi	wpa_supplicant	2.2
w1.fi	wpa_supplicant	2.3
w1.fi	wpa_supplicant	2.4
w1.fi	hostapd	1.0
w1.fi	hostapd	1.1
w1.fi	hostapd	2.0
w1.fi	hostapd	2.1
w1.fi	hostapd	2.2
w1.fi	hostapd	2.3
w1.fi	hostapd	2.4
opensuse	opensuse	13.1
opensuse	opensuse	13.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wpa

bookworm	2:2.10-12+deb12u2 fixed
bookworm (security)	2:2.10-12+deb12u2 fixed
bullseye	2:2.9.0-21+deb11u2 fixed
bullseye (security)	2:2.9.0-21+deb11u2 fixed
sid	2:2.10-22 fixed
trixie	2:2.10-22 fixed

Ubuntu Releases

Ubuntu Product

Codename

hostapd

precise	not-affected
trusty	dne
utopic	dne
vivid	dne

wpa

precise	dne
trusty	Fixed 2.1-0ubuntu1.3 released
utopic	Fixed 2.1-0ubuntu4.2 released
vivid	Fixed 2.1-0ubuntu7.2 released

wpasupplicant

precise	not-affected
trusty	dne
utopic	dne
vivid	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html

http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

http://www.debian.org/security/2015/dsa-3397

http://www.openwall.com/lists/oss-security/2015/05/09/6

http://www.openwall.com/lists/oss-security/2015/05/31/6

http://www.ubuntu.com/usn/USN-2650-1

https://security.gentoo.org/glsa/201606-17

http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html

http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

http://www.debian.org/security/2015/dsa-3397

http://www.openwall.com/lists/oss-security/2015/05/09/6

http://www.openwall.com/lists/oss-security/2015/05/31/6

http://www.ubuntu.com/usn/USN-2650-1

https://security.gentoo.org/glsa/201606-17