CVE-2015-8041Integer Overflow or Wraparound in Hostapd

CWE-189CWE-190Integer Overflow or WraparoundCWE-125Out-of-bounds ReadCWE-835Infinite Loop10 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
1.5%
top 18.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
W1.fi HostapdW1.fi WPA SupplicantOpensuse
Timeline
PublishedNov 9
Latest updateMay 14

Description

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDw1.fi/hostapd2.4
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

3
GHSA
GHSA-c6pq-gj5g-cpf8: Multiple integer overflows in the NDEF record parser in hostapd before 22022-05-14
CVEList
CVE-2015-8041: Multiple integer overflows in the NDEF record parser in hostapd before 22015-11-09
OSV
CVE-2015-8041: Multiple integer overflows in the NDEF record parser in hostapd before 22015-11-09

📋Vendor Advisories

2
Red Hat
wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation2015-07-08
Debian
CVE-2015-8041: wpa - Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and w...2015

💬Community

4
Bugzilla
CVE-2015-8041 hostapd: hostapd and wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation [fedora-all]2015-07-10
Bugzilla
CVE-2015-8041 hostapd: hostapd and wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation [epel-all]2015-07-10
Bugzilla
CVE-2015-8041 hostapd and wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation [fedora-all]2015-07-10
Bugzilla
CVE-2015-8041 hostapd and wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation2015-07-10
CVE-2015-8041 — Integer Overflow or Wraparound | cvebase