First published: Mon Jun 15 2015(Updated: )
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/wpa | 2:2.7+git20190128+0c1e29f-6+deb10u3 2:2.9.0-21 2:2.10-12 2:2.10-15 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
W1.fi Hostapd | =1.0 | |
W1.fi Hostapd | =1.1 | |
W1.fi Hostapd | =2.0 | |
W1.fi Hostapd | =2.1 | |
W1.fi Hostapd | =2.2 | |
W1.fi Hostapd | =2.3 | |
W1.fi Hostapd | =2.4 | |
W1.fi Wpa Supplicant | =1.0 | |
W1.fi Wpa Supplicant | =1.1 | |
W1.fi Wpa Supplicant | =2.0 | |
W1.fi Wpa Supplicant | =2.1 | |
W1.fi Wpa Supplicant | =2.2 | |
W1.fi Wpa Supplicant | =2.3 | |
W1.fi Wpa Supplicant | =2.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.