CVE-2021-27803
First published: Fri Feb 26 2021(Updated: )
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| W1.fi Wpa Supplicant | >=1.0<2.10 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| debian/wpa | 2:2.7+git20190128+0c1e29f-6+deb10u3 2:2.9.0-21 2:2.10-12 2:2.10-21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/02/27/1
- https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/
- https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
- https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
- https://www.debian.org/security/2021/dsa-4898
- https://www.openwall.com/lists/oss-security/2021/02/25/3
- https://security-tracker.debian.org/tracker/CVE-2021-27803
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/
Frequently Asked Questions
What is CVE-2021-27803?
CVE-2021-27803 is a vulnerability in how p2p/p2p_pd.c in wpa_supplicant before version 2.10 processes P2P provision discovery requests.
What is the severity of CVE-2021-27803?
The severity of CVE-2021-27803 is high with a CVSS score of 7.5.
Who is affected by CVE-2021-27803?
Users of wpa_supplicant versions before 2.10, W1.fi Wpa Supplicant, Fedora 32, Fedora 33, Fedora 34, Debian Linux 9.0, and Debian Linux 10.0 are affected by CVE-2021-27803.
How can CVE-2021-27803 be exploited?
CVE-2021-27803 can be exploited by an attacker within radio range to cause denial of service or potentially execute arbitrary code.
How do I fix CVE-2021-27803?
To fix CVE-2021-27803, users should update to wpa_supplicant version 2.10 or later.
- collector/nvd-index
- collector/security-tracker-debian
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/w1.fi
- canonical/w1.fi wpa supplicant
- version/w1.fi wpa supplicant/1.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/debian