CVE-2021-30004 — Improper Input Validation in Hostapd

CWE-20 — Improper Input Validation7 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 47.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

W1.fi Hostapd W1.fi WPA Supplicant

Timeline

PublishedApr 2

Latest updateMay 24

Description

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDw1.fi/hostapd2.9

▶NVDw1.fi/wpa_supplicant2.9

Patches

Patch: w1.fi ↗Patch: w1.fi ↗

🔴Vulnerability Details

GHSA

GHSA-mwxw-68wg-34jm: In wpa_supplicant and hostapd 2↗2022-05-24

▶

CVEList

CVE-2021-30004: In wpa_supplicant and hostapd 2↗2021-04-02

▶

OSV

CVE-2021-30004: In wpa_supplicant and hostapd 2↗2021-04-02

▶

📋Vendor Advisories

Microsoft

In wpa_supplicant and hostapd 2.9 forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.↗2021-04-13

▶

Red Hat

wpa_supplicant: mishandled AlgorithmIdentifier parameters may lead to forging attacks↗2021-03-14

▶

Debian

CVE-2021-30004: wpa - In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmId...↗2021

▶