Back to search
CVE-2015-8041
Published: Nov 9, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
x_refsource_CONFIRM
openSUSE-SU-2015:1912
vendor-advisory
x_refsource_SUSE
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
x_refsource_CONFIRM
75604
vdb-entry
x_refsource_BID
openSUSE-SU-2015:1920
vendor-advisory
x_refsource_SUSE
[oss-security] 20150708 hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation
mailing-list
x_refsource_MLIST
DSA-3397
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now