Remote DoS Vulnerability in hostapd and wpa_supplicant
CVE-2015-4145
Currently unrated
What is CVE-2015-4145?
The EAP-pwd server and peer implementation in wpa_supplicant and hostapd versions 1.0 through 2.4 does not properly validate message fragments. A remote attacker can exploit this oversight by sending crafted messages, causing a memory leak that results in a denial of service. This vulnerability poses significant risks for network environments that use these products.
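The failure mode described above, as an added example that is not hostapd or wpa_supplicant code: a simplified C model, with hypothetical names, of a reassembler that accepts a new first fragment while one is already in progress (leaking the earlier buffer), beside a version that rejects it. That this restart case is the missing validation is taken from the public CVE description, not from this page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of reassembly state; all names are hypothetical,
 * not taken from hostapd or wpa_supplicant. */
struct reasm { unsigned char *inbuf; };

static int live_bufs; /* buffers allocated but not yet freed */
static unsigned char *buf_alloc(size_t n) { live_bufs++; return malloc(n); }
static void buf_free(unsigned char *p) { if (p) { live_bufs--; free(p); } }

/* Flawed: a "first fragment" always allocates, even mid-reassembly, so the
 * previous buffer pointer is overwritten and can never be freed. */
int first_fragment_unchecked(struct reasm *r, size_t tot_len)
{
    r->inbuf = buf_alloc(tot_len);
    return r->inbuf ? 0 : -1;
}

/* Hardened: reject a new first fragment while one is still in progress. */
int first_fragment_checked(struct reasm *r, size_t tot_len)
{
    if (r->inbuf != NULL)
        return -1; /* unexpected restart: ignore this message */
    return first_fragment_unchecked(r, tot_len);
}

void reasm_reset(struct reasm *r) { buf_free(r->inbuf); r->inbuf = NULL; }

/* Feed two constructed "first fragments" back to back, tear the session
 * down, and return how many buffers were still allocated afterwards. */
int leaked_after_two_starts(int (*start)(struct reasm *, size_t))
{
    struct reasm r = { NULL };
    live_bufs = 0;
    start(&r, 512);
    unsigned char *first = r.inbuf; /* copy kept only so the demo can clean up */
    start(&r, 512);
    reasm_reset(&r);
    int leaked = live_bufs;
    if (leaked) free(first); /* real code has lost this pointer for good */
    return leaked;
}

int main(void)
{
    printf("unchecked: %d leaked\n", leaked_after_two_starts(first_fragment_unchecked));
    printf("checked:   %d leaked\n", leaked_after_two_starts(first_fragment_checked));
    return 0;
}
```

Each repeated first fragment in the unchecked path strands one buffer, so the leak grows with the number of crafted messages until the session or process ends.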
