CVE-2015-4141
published 2015-06-15
CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to…
Priority P4 · 25 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 2.99% (85.6th percentile)
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
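The bug class in this description, a chunk length held in a signed type that passes an upper-bound check while negative, is shown below next to a hardened parser. This is an added illustration and not hostapd or wpa_supplicant code; the function names `naive_chunk_ok` and `parse_chunk_len` and the sample size lines are constructed for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Naive check (the bug class): the hex size lands in a signed int, so a
 * size line of "-1" yields a negative length that is below any maximum. */
int naive_chunk_ok(const char *size_line, int max_body)
{
    int len = (int) strtol(size_line, NULL, 16);
    return len <= max_body; /* a negative len passes this test */
}

/* Hardened parse: returns 0 and stores the length in *out, or -1 if the
 * size line is signed, malformed, out of range, or exceeds space_left. */
int parse_chunk_len(const char *size_line, size_t space_left, size_t *out)
{
    char *end;
    unsigned long val;

    /* strtoul() accepts leading whitespace, a sign and a "0x" prefix;
     * HTTP chunk sizes are bare hex digits, so reject all three. */
    if (!isxdigit((unsigned char) size_line[0]))
        return -1;
    if (size_line[0] == '0' && (size_line[1] == 'x' || size_line[1] == 'X'))
        return -1;
    errno = 0;
    val = strtoul(size_line, &end, 16);
    if (errno == ERANGE)
        return -1;
    /* Only a chunk extension, CR, LF or end of string may follow. */
    if (*end != '\0' && *end != ';' && *end != '\r' && *end != '\n')
        return -1;
    /* Unsigned comparison against the space actually left in the buffer. */
    if (val > space_left)
        return -1;
    *out = (size_t) val;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("naive accepts \"-1\": %d\n", naive_chunk_ok("-1", 4096));
    printf("hardened on \"-1\": %d\n", parse_chunk_len("-1", 4096, &n));
    return 0;
}
```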
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | < wpa 2.3-2.2 (bookworm) | wpa 2.3-2.2 (bookworm) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
CVSS provenance
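| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |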
Ubuntu
wpa_supplicant and hostapd vulnerabilities
vendor_ubuntu·2015-06-16·CVSS 4.3
CVE-2015-4141 [MEDIUM] wpa_supplicant and hostapd vulnerabilities
Title: wpa_supplicant and hostapd vulnerabilities
Summary: wpa_supplicant and hostapd could be made to crash if they received
specially crafted network traffic.
Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
hostapd: WPS UPnP vulnerability with HTTP chunked transfer encoding
vendor_redhat·2015-05-04·CVSS 4.3
CVE-2015-4141 [MEDIUM] CWE-190 hostapd: WPS UPnP vulnerability with HTTP chunked transfer encoding
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
Statement: Not vulnerable. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux versions 5, 6, and 7.
Package: wpa_supplicant (Red Hat Enterprise Linux 5) - Not affected
Package: wpa_supplicant (Red Hat Enterprise Linux 6) - Not affected
Package: wpa_supplicant (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2015-4141: wpa - The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when us...
vendor_debian·2015·CVSS 4.3
CVE-2015-4141 [MEDIUM] CVE-2015-4141: wpa - The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when us...
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.3-2.2)
bullseye: resolved (fixed in 2.3-2.2)
forky: resolved (fixed in 2.3-2.2)
sid: resolved (fixed in 2.3-2.2)
trixie: resolved (fixed in 2.3-2.2)
GHSA
GHSA-fr6x-5vfp-hc79: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0
ghsa_unreviewed·2022-05-14
CVE-2015-4141 [MEDIUM] CWE-119 GHSA-fr6x-5vfp-hc79: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
OSV
wpa, wpasupplicant vulnerabilities
osv·2015-06-16·CVSS 4.3
CVE-2015-4141 [MEDIUM] wpa, wpasupplicant vulnerabilities
Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
OSV
CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0
osv·2015-06-15·CVSS 4.3
CVE-2015-4141 [MEDIUM] CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
http://www.debian.org/security/2015/dsa-3397
http://www.openwall.com/lists/oss-security/2015/05/09/4
http://www.openwall.com/lists/oss-security/2015/05/31/6
http://www.ubuntu.com/usn/USN-2650-1
https://security.gentoo.org/glsa/201606-17
Published: 2015-06-15