Denial of Service Vulnerability in EAP-pwd Implementation of Hostapd and Wpa_supplicant
CVE-2015-4143
Currently unrated
What is CVE-2015-4143?
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant versions 1.0 through 2.4 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending crafted Commit or Confirm message payloads, which cause an out-of-bounds read and crash the program. This flaw compromises the reliability and security of protected communication in networks using WPA/WPA2, so affected installations should be updated promptly.
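The class of check that prevents this kind of out-of-bounds read, as an added example (not code from hostapd, wpa_supplicant or this page): the payload length is validated before any field is read. The struct and function names are hypothetical, and the layouts are assumptions: a Commit payload is an Element (two coordinates of prime length) followed by a Scalar (order length), and a Confirm payload is a 32-byte hash.

```c
#include <stddef.h>
#include <stdint.h>

#define PWD_CONFIRM_LEN 32 /* assumption: Confirm carries a SHA-256 sized hash */

/* Hypothetical group parameters: byte lengths of the prime and the order. */
struct pwd_group { size_t prime_len; size_t order_len; };

/* Hypothetical parsed view of a Commit payload (pointers into the payload). */
struct pwd_commit { const uint8_t *x, *y, *scalar; };

/* Returns 0 and fills *out only when the payload is exactly Element + Scalar.
 * Returns -1 without reading a single payload byte otherwise. */
int pwd_parse_commit(const struct pwd_group *g, const uint8_t *payload,
                     size_t payload_len, struct pwd_commit *out)
{
    if (!g || !payload || !out || g->prime_len == 0 || g->order_len == 0)
        return -1;
    /* Guard the length arithmetic itself against wrap-around. */
    if (g->prime_len > (SIZE_MAX - g->order_len) / 2)
        return -1;
    /* Exact match: short payloads would be over-read, long ones are malformed. */
    if (payload_len != 2 * g->prime_len + g->order_len)
        return -1;
    out->x = payload;
    out->y = payload + g->prime_len;
    out->scalar = payload + 2 * g->prime_len;
    return 0;
}

/* Returns 1 on match, 0 on mismatch, -1 when the length is wrong.
 * The comparison only runs after the length check, and in constant time. */
int pwd_check_confirm(const uint8_t *payload, size_t payload_len,
                      const uint8_t *expected)
{
    uint8_t diff = 0;
    if (!payload || !expected || payload_len != PWD_CONFIRM_LEN)
        return -1;
    for (size_t i = 0; i < PWD_CONFIRM_LEN; i++)
        diff |= (uint8_t)(payload[i] ^ expected[i]);
    return diff == 0;
}
```

A caller treats -1 from either function as a failed exchange and discards the message, so a truncated Commit or Confirm ends the handshake instead of crashing the process.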
