CVE-2015-4144
published 2015-06-15CVE-2015-4144: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the…
PriorityP424medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
3.40%
87.3th percentile
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | < wpa 2.3-2.2 (bookworm) | wpa 2.3-2.2 (bookworm) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | hostapd | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | — | — |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.2 | 2.3-2.2 |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.2 | 2.3-2.2 |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.2 | 2.3-2.2 |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.2 | 2.3-2.2 |
| w1.fi | wpa_supplicant | >= 0 < 2.1-0ubuntu1.3 | 2.1-0ubuntu1.3 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c7g5-57m7-29v3: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1
ghsa_unreviewed·2022-05-14
CVE-2015-4144 [MEDIUM] CWE-119 GHSA-c7g5-57m7-29v3: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
OSV
wpa, wpasupplicant vulnerabilities
osv·2015-06-16·CVSS 4.3
CVE-2015-4141 [MEDIUM] wpa, wpasupplicant vulnerabilities
wpa, wpasupplicant vulnerabilities
Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
OSV
CVE-2015-4144: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1
osv·2015-06-15·CVSS 5.0
CVE-2015-4144 [MEDIUM] CVE-2015-4144: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Ubuntu
wpa_supplicant and hostapd vulnerabilities
vendor_ubuntu·2015-06-16·CVSS 4.3
CVE-2015-4141 [MEDIUM] wpa_supplicant and hostapd vulnerabilities
Title: wpa_supplicant and hostapd vulnerabilities
Summary: wpa_supplicant and hostapd could be made to crash if they received
specially crafted network traffic.
Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd.
A remote attacker could use these issues to cause wpa_supplicant or hostapd
to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
hostapd: EAP-pwd missing payload length validation
vendor_redhat·2015-05-04·CVSS 5.0
CVE-2015-4144 [MEDIUM] CWE-20 hostapd: EAP-pwd missing payload length validation
hostapd: EAP-pwd missing payload length validation
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Statement: Not vulnerable. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Package: wpa_supplicant (Red Hat Enterprise Linux 5) - Not affected
Package: wpa_supplicant (Red Hat Enterprise Linux 6) - Not affected
Package: wpa_supplicant (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2015-4144: wpa - The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 thr...
vendor_debian·2015·CVSS 5.0
CVE-2015-4144 [MEDIUM] CVE-2015-4144: wpa - The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 thr...
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Scope: local
bookworm: resolved (fixed in 2.3-2.2)
bullseye: resolved (fixed in 2.3-2.2)
forky: resolved (fixed in 2.3-2.2)
sid: resolved (fixed in 2.3-2.2)
trixie: resolved (fixed in 2.3-2.2)
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.htmlhttp://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txthttp://www.debian.org/security/2015/dsa-3397http://www.openwall.com/lists/oss-security/2015/05/09/6http://www.openwall.com/lists/oss-security/2015/05/31/6http://www.ubuntu.com/usn/USN-2650-1https://security.gentoo.org/glsa/201606-17http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.htmlhttp://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txthttp://www.debian.org/security/2015/dsa-3397http://www.openwall.com/lists/oss-security/2015/05/09/6http://www.openwall.com/lists/oss-security/2015/05/31/6http://www.ubuntu.com/usn/USN-2650-1https://security.gentoo.org/glsa/201606-17
2015-06-15
Published