CVE-2015-4141
published 2015-06-15

Priority: P425
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 2.99% (85.6th percentile)
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

Affected

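30 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | < wpa 2.3-2.2 (bookworm) | wpa 2.3-2.2 (bookworm) |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | hostapd | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |
| w1.fi | wpa_supplicant | | |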

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:N/A:P
osv: 4.3 MEDIUM
vendor_debian: 4.3 MEDIUM
vendor_redhat: 4.3 MEDIUM
vendor_ubuntu: 4.3 MEDIUM