Vulnerability Details : CVE-2015-4142
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-4142
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:w1.fi:wpa_supplicant:0.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4142
7.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4142
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-4142
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4142
-
http://www.debian.org/security/2015/dsa-3397
Debian -- Security Information -- DSA-3397-1 wpa
-
http://www.securitytracker.com/id/1032625
wpa_supplicant Integer Overflow in Processing WMM Action Frames Lets Remote Users - SecurityTracker
-
http://rhn.redhat.com/errata/RHSA-2015-1090.html
RHSA-2015:1090 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/kb/HT213258
About the security content of iOS 15.5 and iPadOS 15.5 - Apple Support
-
https://security.gentoo.org/glsa/201606-17
hostapd and wpa_supplicant: Multiple vulnerabilities (GLSA 201606-17) — Gentoo securityThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2015/05/31/6
oss-security - Re: CVE request: vulnerability in wpa_supplicant and hostapd
-
http://www.openwall.com/lists/oss-security/2015/05/09/5
oss-security - CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing
-
http://seclists.org/fulldisclosure/2022/May/34
Full Disclosure: APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172608.html
[SECURITY] Fedora 21 Update: wpa_supplicant-2.0-17.fc21
-
http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1439.html
RHSA-2015:1439 - Security Advisory - Red Hat Customer Portal
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172655.html
[SECURITY] Fedora 22 Update: wpa_supplicant-2.4-7.fc22
-
http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
openSUSE-SU-2015:1030-1: moderate: Recommended update for wpa_supplicantThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2650-1
USN-2650-1: wpa_supplicant and hostapd vulnerabilities | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171401.html
[SECURITY] Fedora 23 Update: wpa_supplicant-2.4-6.fc23
Jump to