Debian Wpa vulnerabilities

51 known vulnerabilities affecting debian/wpa.

Total CVEs: 51
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 13, MEDIUM 30, LOW 8

Vulnerabilities

Page 3 of 3
CVE-2015-5314 | MEDIUM | CVSS 5.9 | fixed in wpa 2.3-2.3 (bookworm) | 2015
CVE-2015-5314 [MEDIUM]: The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a
CVE-2015-4146 | MEDIUM | CVSS 5.0 | fixed in wpa 2.3-2.2 (bookworm) | 2015
CVE-2015-4146 [MEDIUM]: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. Scope: local. bookworm: resolved (fixed in 2.3-2.2); bullseye: resolved (fixed in 2.3-2.2); forky: reso
CVE-2015-4143 | MEDIUM | CVSS 5.0 | fixed in wpa 2.3-2.2 (bookworm) | 2015
CVE-2015-4143 [MEDIUM]: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. Scope: local. bookworm: resolved (fixed in 2.3-2.2); bullseye: resolved (fixed in 2.3-2.2); forky: resolved (fixed in 2.3-2.2); sid: resolved (fix
CVE-2015-4142 | MEDIUM | CVSS 4.3 | fixed in wpa 2.3-2.2 (bookworm) | 2015
CVE-2015-4142 [MEDIUM]: Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. Scope: local. bookworm: resolved (fixed in 2.3-2.2); bullseye: resolved (fixed in 2.3-2.2); f
CVE-2015-5310 | MEDIUM | CVSS 4.3 | fixed in wpa 2.3-2.3 (bookworm) | 2015
CVE-2015-5310 [MEDIUM]: The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. Scope: local. bookworm: resolved (fixed in 2.
CVE-2015-4141 | MEDIUM | CVSS 4.3 | fixed in wpa 2.3-2.2 (bookworm) | 2015
CVE-2015-4141 [MEDIUM]: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. Scope: local. bookworm: resolved (fixed in 2.3-2.2); bullseye: resolved (fixed in 2.3
CVE-2015-1863 | MEDIUM | CVSS 5.8 | fixed in wpa 2.3-2 (bookworm) | 2015
CVE-2015-1863 [MEDIUM]: Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. Scope: local. bookworm: resolved (fixed in 2.3-2); bullseye: resolved (fixed in 2.3-2); forky: resolved (fixed in
CVE-2015-4145 | MEDIUM | CVSS 5.0 | fixed in wpa 2.3-2.2 (bookworm) | 2015
CVE-2015-4145 [MEDIUM]: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. Scope: local. bookworm: resolved (fixed in 2.3-2.2); bullseye: resolved (fixed in 2.3-2.2); forky: resolved (fixed in 2.3-2.2); sid: r
CVE-2014-3686 | HIGH | CVSS 6.8 | fixed in wpa 2.3-1 (bookworm) | 2014
CVE-2014-3686 [MEDIUM]: wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. Scope: local. bookworm: resolved (fixed in 2.3-1); bullseye: resolved (fixed in 2.3-1); forky: resolved (fixed in 2.3-1); sid: resolved (fixed in 2.3-1); trixie:
CVE-2012-4445 | MEDIUM | CVSS 4.3 | fixed in wpa 1.0-3 (bookworm) | 2012
CVE-2012-4445 [MEDIUM]: Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set. Scope: local. bookworm: resolved (fixed in 1
CVE-2012-2389 | LOW | CVSS 2.1 | 2012
CVE-2012-2389 [LOW]: hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved