CVE-2016-4477Argument Injection in WPA

CWE-19CWE-88Argument Injection10 documents8 sources
Severity
7.8HIGHNVD
OSV7.5
EPSS
0.1%
top 67.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
W1.fi WPA SupplicantDebian WPAGoogle Android
Timeline
PublishedMay 9
Latest updateMay 17

Description

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/wpa< wpa 2.3-2.4 (bookworm)
Ubuntuw1.fi/wpa_supplicant< 2.1-0ubuntu1.5+1
NVDgoogle/android5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-3wj5-xm6v-9hmq: wpa_supplicant 02022-05-17
OSV
wpa vulnerabilities2017-10-16
OSV
CVE-2016-4477: wpa_supplicant 02016-05-09

📋Vendor Advisories

4
Ubuntu
wpa_supplicant and hostapd vulnerabilities2017-10-16
Red Hat
wpa_supplicant: local configuration update allows privilege escalation2016-05-02
Android
CVE-2016-4477: Android Security Bulletin 2016-05-01 CVE: CVE-2016-4477 Severity: HIGH Affected AOSP versions: 42016-05-01
Debian
CVE-2016-4477: wpa - wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphr...2016

💬Community

2
Bugzilla
CVE-2016-4476 CVE-2016-4477 wpa_supplicant: various flaws [fedora-all]2016-05-03
Bugzilla
CVE-2016-4477 wpa_supplicant: local configuration update allows privilege escalation2016-05-03