CVE-2015-4145

Published: Jun 15, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd

mailing-list

x_refsource_MLIST

DSA-3397

vendor-advisory

x_refsource_DEBIAN

GLSA-201606-17

vendor-advisory

x_refsource_GENTOO

USN-2650-1

vendor-advisory

x_refsource_UBUNTU

http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

x_refsource_CONFIRM

openSUSE-SU-2015:1030

vendor-advisory

x_refsource_SUSE

[oss-security] 20150509 Re: CVE request: vulnerability in wpa_supplicant and hostapd

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-4145

Description

Affected Products

References