Denial of Service Vulnerability in hostapd and wpa_supplicant Products by Open Source
CVE-2015-4141

Currently unrated

Key Information:

Vendor: W1.fi
Status: WPa Supplicant
Vendor: CVE Published:; 15 June 2015

What is CVE-2015-4141?

A vulnerability exists in the WPS UPnP function of hostapd and wpa_supplicant that allows remote attackers to cause a denial of service event. By exploiting this issue with a negative chunk length, attackers can trigger an out-of-bounds read or execute a heap-based buffer overflow, potentially leading to a crash of the service.

References

http://www.openwall.com/lists/oss-security/2015/05/31/6

mailing-listx_refsource_MLIST

http://www.debian.org/security/2015/dsa-3397

vendor-advisoryx_refsource_DEBIAN

http://w1.fi/security/2015-2/wps-upnp-http-chunked-transf...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
May 31, 2015

CVE-2015-4141 Data

JSON

W1.fi

What is CVE-2015-4141?

References

Timeline