Integer Overflow Vulnerability in hostapd and wpa_supplicant by W1.fi
CVE-2015-8041

Currently unrated

Key Information:

Vendor: W1.fi

CVE Published: 9 November 2015

What is CVE-2015-8041?

Multiple integer overflow vulnerabilities exist in the NDEF record parser in hostapd and wpa_supplicant versions prior to 2.5. The parser mishandles large payload length fields, so a remote attacker who sends a crafted WPS or P2P NFC NDEF record can cause a denial of service, either a process crash or an infinite loop. Timely updates are essential to mitigate this risk.
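The bug class described above, shown as an added example that is not code from hostapd or wpa_supplicant: a length check that sums attacker-controlled fields before comparing, next to a hardened check that compares each field against the bytes remaining. The function names and sample records are hypothetical, the header layout follows the NFC Forum NDEF record format, and the sum is done in 32 bits to model a platform where the addition wraps.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NDEF_SR 0x10 /* short record: 1-byte payload length, else 4 bytes */
#define NDEF_IL 0x08 /* ID length field present */
struct ndef_hdr { size_t hdr_len; uint8_t type_len, id_len; uint32_t payload_len; };

/* Constructed samples: a valid short record, and one claiming a ~4 GiB payload. */
const uint8_t ndef_ok[]  = { 0xD1, 0x01, 0x02, 'T', 'h', 'i' };
const uint8_t ndef_bad[] = { 0xC1, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 'T' };

/* Read the length fields of one record header; returns -1 if truncated. */
static int ndef_header(const uint8_t *b, size_t size, struct ndef_hdr *h) {
    if (size < 2) return -1;
    int sr = b[0] & NDEF_SR, il = b[0] & NDEF_IL;
    size_t pos = sr ? 3 : 6;              /* offset just past the payload length */
    if (size < pos + (il ? 1 : 0)) return -1;
    h->type_len = b[1];
    h->payload_len = sr ? b[2]
        : (uint32_t)b[2] << 24 | (uint32_t)b[3] << 16 | (uint32_t)b[4] << 8 | b[5];
    h->id_len = il ? b[pos++] : 0;
    h->hdr_len = pos;
    return 0;
}

/* Flawed pattern: the 32-bit sum wraps for a huge payload_len and passes. */
int ndef_check_unsafe(const uint8_t *b, size_t size) {
    struct ndef_hdr h;
    if (ndef_header(b, size, &h) < 0) return -1;
    uint32_t total = (uint32_t)h.hdr_len + h.type_len + h.id_len + h.payload_len;
    return total > size ? -1 : 0;
}

/* Hardened: compare each length with the bytes remaining; never sum first. */
int ndef_check_safe(const uint8_t *b, size_t size) {
    struct ndef_hdr h;
    if (ndef_header(b, size, &h) < 0) return -1;
    size_t left = size - h.hdr_len;
    if (h.type_len > left || h.id_len > left - h.type_len) return -1;
    return h.payload_len > left - h.type_len - h.id_len ? -1 : 0;
}

int main(void) {
    printf("oversized record: unsafe=%d safe=%d\n",
           ndef_check_unsafe(ndef_bad, sizeof ndef_bad), ndef_check_safe(ndef_bad, sizeof ndef_bad));
    return 0;
}
```

A parser that trusts the wrapped check would go on to use a payload length far larger than the buffer, which is how a crash or a non-terminating record loop arises.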
