CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME…

medium4.3CVSS 3.1

AVNACMAuNCNINAP

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

Affected

35 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ios_15.5_and_ipados	—	—
debian	wpa	< wpa 2.3-2.2 (bookworm)	wpa 2.3-2.2 (bookworm)
opensuse	opensuse	—	—
opensuse	opensuse	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_hpc_node	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_workstation	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	hostapd	—	—
w1.fi	wpa_supplicant	—	—
w1.fi	wpa_supplicant	—	—
w1.fi	wpa_supplicant	—	—
w1.fi	wpa_supplicant	—	—
w1.fi	wpa_supplicant	—	—
w1.fi	wpa_supplicant	—	—

CVSS provenance

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P

osv4.3MEDIUM