Denial of Service Vulnerability in wpa_supplicant and hostapd Software
CVE-2015-4146

Currently unrated

Key Information:

Vendor: W1.fi
Status: WPa Supplicant
Vendor: CVE Published:; 15 June 2015

What is CVE-2015-4146?

The EAP-pwd peer implementation in both wpa_supplicant and hostapd versions 1.0 through 2.4 harbors a vulnerability that occurs due to improper handling of Length (L) and More (M) flags. This flaw potentially allows remote attackers to exploit the system through crafted messages, leading to a denial of service condition by crashing the software, thereby disrupting network services and affecting all dependent systems.

References

http://www.openwall.com/lists/oss-security/2015/05/31/6

mailing-listx_refsource_MLIST

http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymme...

x_refsource_CONFIRM

http://www.debian.org/security/2015/dsa-3397

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
May 31, 2015

CVE-2015-4146 Data

JSON

W1.fi

What is CVE-2015-4146?

References

Timeline