Latest w1.fi wpa supplicant Vulnerabilities

CVE-2023-52160
In wpa_supplicant, a flaw was discovered in the implementation of PEAP, which allows an attacker to skip the second phase of authentication when the target device has not been properly configured to v...
W1.fi Wpa Supplicant<2.10
Google Android
Google Chrome OS
Linux Linux kernel
Debian Debian Linux=10.0
Fedoraproject Fedora=39
and 2 more
CVE-2022-23303
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inco...
W1.fi Hostapd<2.10
W1.fi Wpa Supplicant<2.10
Fedoraproject Fedora=35
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an ...
W1.fi Hostapd<2.10
W1.fi Wpa Supplicant<2.10
Fedoraproject Fedora=35
CVE-2021-30004
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
W1.fi Hostapd=2.9
W1.fi Wpa Supplicant=2.9
CVE-2021-27803
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potent...
W1.fi Wpa Supplicant>=1.0<2.10
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 1 more
CVE-2019-16275
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service tha...
debian/wpa<=2:2.9-1<=2:2.4-1+deb9u4<=2:2.4-1<=2:2.7+git20190128+0c1e29f-6
<=2.9
<=2.9
=8.0
=10.0
=12.04
and 18 more
CVE-2019-11555
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment...
debian/wpa<=2:2.4-1+deb9u2<=2:2.4-1<=2:2.4-1+deb9u3<=2:2.7+git20190128+0c1e29f-4
ubuntu/wpa<2:2.7+
ubuntu/wpa<2.4-0ubuntu6.5
ubuntu/wpa<2:2.6-15ubuntu2.3
ubuntu/wpa<2:2.6-18ubuntu1.2
ubuntu/wpa<2:2.6-21ubuntu3.1
and 5 more
CVE-2019-9496
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of...
W1.fi Hostapd<=2.7
W1.fi Wpa Supplicant<=2.7
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD suppor...
W1.fi Hostapd<=2.7
W1.fi Wpa Supplicant<=2.7
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
openSUSE Backports SLE=15.0
and 26 more
CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pw...
W1.fi Hostapd<=2.4
W1.fi Hostapd>=2.5<=2.7
W1.fi Wpa Supplicant<=2.4
W1.fi Wpa Supplicant>=2.5<=2.7
Fedoraproject Fedora=28
Fedoraproject Fedora=29
and 29 more
CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete E...
W1.fi Hostapd<=2.4
W1.fi Hostapd>=2.5<=2.7
W1.fi Wpa Supplicant<=2.4
W1.fi Wpa Supplicant>=2.5<=2.7
Fedoraproject Fedora=28
Fedoraproject Fedora=29
and 8 more
CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Com...
W1.fi Hostapd<=2.4
W1.fi Hostapd>=2.5<=2.7
W1.fi Wpa Supplicant<=2.4
W1.fi Wpa Supplicant>=2.5<=2.7
Fedoraproject Fedora=28
Fedoraproject Fedora=29
and 29 more
CVE-2018-14526
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker w...
ubuntu/wpa<2.1-0ubuntu1.6
ubuntu/wpa<2.4-0ubuntu6.3
ubuntu/wpa<2:2.6-15ubuntu2.1
=14.04
=16.04
=18.04
and 8 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203