CVE-2015-4144 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Hostapd

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

1.2%

top 21.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse W1.fi Hostapd W1.fi WPA Supplicant

Timeline

PublishedJun 15

Latest updateMay 14

Description

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDw1.fi/hostapd7 versions+6

▶NVDopensuse/opensuse13.1, 13.2+1

▶NVDw1.fi/wpa_supplicant7 versions+6

🔴Vulnerability Details

GHSA

GHSA-c7g5-57m7-29v3: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1↗2022-05-14

▶

OSV

wpa, wpasupplicant vulnerabilities↗2015-06-16

▶

CVEList

CVE-2015-4144: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1↗2015-06-15

▶

OSV

CVE-2015-4144: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1↗2015-06-15

▶

📋Vendor Advisories

Ubuntu

wpa_supplicant and hostapd vulnerabilities↗2015-06-16

▶

Red Hat

hostapd: EAP-pwd missing payload length validation↗2015-05-04

▶

Debian

CVE-2015-4144: wpa - The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 thr...↗2015

▶

💬Community

Bugzilla

CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 wpa_supplicant and hostapd: EAP-pwd missing payload length validation↗2015-05-07

▶