W1.Fi Wpa Supplicant vulnerabilities
38 known vulnerabilities affecting w1.fi/wpa_supplicant.
Total CVEs
38
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH7MEDIUM28LOW1
Vulnerabilities
Page 2 of 2
CVE-2017-13087P4MEDIUMCVSS 5.3v0.2.4v0.2.5+31 more2017-10-17
CVE-2017-13087 [MEDIUM] CWE-330 CVE-2017-13087: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Tempor
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
nvdosv
CVE-2017-13078P4MEDIUMCVSS 5.3v0.2.4v0.2.5+31 more2017-10-17
CVE-2017-13078 [MEDIUM] CWE-323 CVE-2017-13078: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during t
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
nvdosv
CVE-2015-5315P4MEDIUMCVSS 5.9≥ 2.0, < 2.62018-02-21
CVE-2015-5315 [MEDIUM] CWE-119 CVE-2015-5315: The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validat
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd mes
nvdosv
CVE-2015-5314P4MEDIUMCVSS 5.9≥ 2.0, < 2.62018-02-21
CVE-2015-5314 [MEDIUM] CWE-119 CVE-2015-5314: The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not valid
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process
nvdosv
CVE-2015-0210P4MEDIUMCVSS 5.9v2.0-162017-08-28
CVE-2015-0210 [MEDIUM] CWE-295 CVE-2015-0210: wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attacker
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
nvd
CVE-2017-13080P4MEDIUMCVSS 5.3v0.2.4v0.2.5+31 more2017-10-17
CVE-2017-13080 [MEDIUM] CWE-323 CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during t
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
nvdosv
CVE-2017-13081P4MEDIUMCVSS 5.3v0.2.4v0.2.5+31 more2017-10-17
CVE-2017-13081 [MEDIUM] CWE-323 CVE-2017-13081: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integr
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
nvdosv
CVE-2015-5316P4MEDIUMCVSS 5.9≥ 2.0, < 2.62018-02-21
CVE-2015-5316 [MEDIUM] CWE-476 CVE-2015-5316: The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
nvdosv
CVE-2019-16275P4MEDIUMCVSS 6.5≤ 2.92019-09-12
CVE-2019-16275 [MEDIUM] CWE-346 CVE-2019-16275: hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the
nvdosv
CVE-2021-30004P4MEDIUMCVSS 5.3v2.92021-04-02
CVE-2021-30004 [MEDIUM] CWE-20 CVE-2021-30004: In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
nvd
CVE-2015-4141P4MEDIUMCVSS 4.3v0.7.0v0.7.1+9 more2015-06-15
CVE-2015-4141 [MEDIUM] CWE-119 CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external reg
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
nvdosv
CVE-2015-4143P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4143 [MEDIUM] CWE-119 CVE-2015-4143: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remo
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
nvdosv
CVE-2015-4144P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4144 [MEDIUM] CWE-119 CVE-2015-4144: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not va
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
nvdosv
CVE-2015-4145P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4145 [MEDIUM] CWE-399 CVE-2015-4145: The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not va
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.
nvdosv
CVE-2015-4146P4MEDIUMCVSS 5.0v1.0v1.1+5 more2015-06-15
CVE-2015-4146 [MEDIUM] CVE-2015-4146: The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
nvdosv
CVE-2015-8041P4MEDIUMCVSS 5.0≤ 2.42015-11-09
CVE-2015-8041 [MEDIUM] CWE-189 CVE-2015-8041: Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
nvdosv
CVE-2015-4142P4MEDIUMCVSS 4.3v0.7.0v0.7.1+9 more2015-06-15
CVE-2015-4142 [MEDIUM] CWE-119 CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
nvdosv
CVE-2019-9495P4LOWCVSS 3.7≤ 2.72019-04-17
CVE-2019-9495 [LOW] CWE-524 CVE-2019-9495: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache.
nvdosv
← Previous2 / 2