CVE-2016-4477
published 2016-05-09

Priority: P4 | 31 | high | 7.8 | CVSS 3.0
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.26% (16.8th percentile)

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.

Affected

9 ranges

Vendor | Product | Version range | Fixed in
debian | wpa | < wpa 2.3-2.4 (bookworm) | wpa 2.3-2.4 (bookworm)
google | android | |
google | android | |
google | android | |
google | android | |
google | android | |
google | android | |
w1.fi | wpa_supplicant | >= 0 < 2.1-0ubuntu1.5 | 2.1-0ubuntu1.5
w1.fi | wpa_supplicant | >= 0 < 2.4-0ubuntu6.2 | 2.4-0ubuntu6.2

CVSS provenance

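Source | Version | Score | Severity | Vector
nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P
osv | | 7.8 | HIGH |
vendor_debian | | 7.8 | HIGH |
vendor_redhat | | 7.8 | HIGH |
vendor_ubuntu | | 7.5 | HIGH |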