QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4141

Published: Jun 15, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2015:1030

vendor-advisory

x_refsource_SUSE

[oss-security] 20150509 CVE request: hostapd/wpa_supplicant - WPS UPnP vulnerability with HTTP chunked transfer encoding

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.