CVE-2015-5315 — Improper Restriction of Operations within the Bounds of a Memory Buffer in WPA Supplicant

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation10 documents9 sources

Severity

5.9MEDIUMNVD

OSV4.3

EPSS

1.1%

top 21.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

W1.fi WPA Supplicant Debian Linux

Timeline

PublishedFeb 21

Latest updateMay 14

Description

The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDw1.fi/wpa_supplicant2.0 — 2.6

Also affects: Debian Linux 8.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-qmc2-8wcw-c6p2: The eap_pwd_process function in eap_peer/eap_pwd↗2022-05-14

▶

CVEList

CVE-2015-5315: The eap_pwd_process function in eap_peer/eap_pwd↗2018-02-21

▶

OSV

CVE-2015-5315: The eap_pwd_process function in eap_peer/eap_pwd↗2018-02-21

▶

OSV

wpa vulnerabilities↗2015-11-10

▶

💥Exploits & PoCs

Exploit-DB

AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation↗2015-02-04

▶

📋Vendor Advisories

Red Hat

wpa_supplicant: EAP-pwd missing last fragment length validation↗2015-11-10

▶

Ubuntu

wpa_supplicant and hostapd vulnerabilities↗2015-11-10

▶

Debian

CVE-2015-5315: wpa - The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before ...↗2015

▶

💬Community

Bugzilla

CVE-2015-5315 wpa_supplicant: EAP-pwd missing last fragment length validation↗2015-11-05

▶