CVE-2015-4146 — Improper Input Validation in Hostapd

CWE-20 — Improper Input Validation CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

1.3%

top 20.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse W1.fi Hostapd W1.fi WPA Supplicant

Timeline

PublishedJun 15

Latest updateMay 14

Description

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDw1.fi/hostapd7 versions+6

▶NVDopensuse/opensuse13.1, 13.2+1

▶NVDw1.fi/wpa_supplicant7 versions+6

🔴Vulnerability Details

GHSA

GHSA-f2m4-x3g9-fqq7: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1↗2022-05-14

▶

OSV

wpa, wpasupplicant vulnerabilities↗2015-06-16

▶

CVEList

CVE-2015-4146: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1↗2015-06-15

▶

OSV

CVE-2015-4146: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1↗2015-06-15

▶

📋Vendor Advisories

Ubuntu

wpa_supplicant and hostapd vulnerabilities↗2015-06-16

▶

Red Hat

hostapd: EAP-pwd missing payload length validation↗2015-05-04

▶

Debian

CVE-2015-4146: wpa - The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 do...↗2015

▶

💬Community

Bugzilla

CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146 wpa_supplicant and hostapd: EAP-pwd missing payload length validation↗2015-05-07

▶