CVE-2021-27803Use After Free in WPA Supplicant

CWE-416Use After Free9 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 44.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
W1.fi WPA SupplicantDebian LinuxFedoraproject Fedora
Timeline
PublishedFeb 26
Latest updateMay 24

Description

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

NVDw1.fi/wpa_supplicant1.02.10

Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33, 34

Patches

Patch: w1.fiPatch: w1.fi

🔴Vulnerability Details

3
GHSA
GHSA-66mx-93rr-rg39: A vulnerability was discovered in how p2p/p2p_pd2022-05-24
CVEList
CVE-2021-27803: A vulnerability was discovered in how p2p/p2p_pd2021-02-26
OSV
CVE-2021-27803: A vulnerability was discovered in how p2p/p2p_pd2021-02-26

📋Vendor Advisories

5
Ubuntu
wpa_supplicant and hostapd vulnerability2021-03-04
Ubuntu
wpa_supplicant and hostapd vulnerability2021-03-03
Red Hat
wpa_supplicant: Use-after-free in P2P provision discovery processing2021-02-25
Microsoft
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potent2021-02-09
Debian
CVE-2021-27803: wpa - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10...2021
CVE-2021-27803 — Use After Free in W1.fi WPA Supplicant | cvebase