Integer Underflow in WMM Action Frame Parser for Hostapd and Wpa_Supplicant
CVE-2015-4142

Currently unrated

Key Information:

Vendor: W1.fi
Status: WPa Supplicant
Vendor: CVE Published:; 15 June 2015

What is CVE-2015-4142?

This vulnerability stems from an integer underflow issue in the WMM Action frame parser utilized by Hostapd and Wpa_Supplicant in Access Point mode. Attackers can exploit this weakness by sending specially crafted frames, leading to an out-of-bounds read situation. Such exploitation can result in a denial of service, causing the affected system to crash and potentially disrupting network services. This flaw highlights the importance of maintaining robust security protocols in wireless networking equipment.

References

http://www.openwall.com/lists/oss-security/2015/05/31/6

mailing-listx_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://rhn.redhat.com/errata/RHSA-2015-1439.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
May 31, 2015

CVE-2015-4142 Data

JSON

W1.fi

What is CVE-2015-4142?

References

Timeline