W1.fi : Security Vulnerabilities, CVEs, Published In 2015 (Denial of service)
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
Max CVSS
5.0
EPSS Score
2.69%
Published
2015-11-09
Updated
2018-10-30
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Max CVSS
5.0
EPSS Score
2.38%
Published
2015-06-15
Updated
2018-10-30
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.
Max CVSS
5.0
EPSS Score
2.93%
Published
2015-06-15
Updated
2018-10-30
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Max CVSS
5.0
EPSS Score
2.37%
Published
2015-06-15
Updated
2018-10-30
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
Max CVSS
5.0
EPSS Score
2.37%
Published
2015-06-15
Updated
2018-10-30
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
Max CVSS
4.3
EPSS Score
7.47%
Published
2015-06-15
Updated
2022-05-17
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
Max CVSS
4.3
EPSS Score
2.83%
Published
2015-06-15
Updated
2018-10-30
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
Max CVSS
5.8
EPSS Score
2.96%
Published
2015-04-28
Updated
2018-10-30
8 vulnerabilities found