CVE-2015-4142 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Hostapd

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound CWE-125 — Out-of-bounds Read10 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

7.1%

top 8.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Redhat Enterprise Linux Desktop Redhat Enterprise Linux HPC Node +4 more

Timeline

PublishedJun 15

Latest updateMay 16

Description

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages7 packages

▶NVDw1.fi/hostapd11 versions+10

▶NVDopensuse/opensuse13.1, 13.2+1

▶NVDw1.fi/wpa_supplicant11 versions+10

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

🔴Vulnerability Details

GHSA

GHSA-r4j8-fwxp-qfmx: Integer underflow in the WMM Action frame parser in hostapd 0↗2022-05-14

▶

OSV

wpa, wpasupplicant vulnerabilities↗2015-06-16

▶

OSV

CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd 0↗2015-06-15

▶

CVEList

CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd 0↗2015-06-15

▶

📋Vendor Advisories

Apple

CVE-2015-4142: iOS 15.5 and iPadOS 15.5↗2022-05-16

▶

Ubuntu

wpa_supplicant and hostapd vulnerabilities↗2015-06-16

▶

Red Hat

hostapd: integer underflow in AP mode WMM Action frame processing↗2015-05-04

▶

Debian

CVE-2015-4142: wpa - Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 an...↗2015

▶

💬Community

Bugzilla

CVE-2015-4142 wpa_supplicant and hostapd: integer underflow in AP mode WMM Action frame processing↗2015-05-13

▶