VYPR
High severity7.8NVD Advisory· Published May 9, 2016· Updated Jun 17, 2026

CVE-2016-4477

CVE-2016-4477

Description

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Google/Android5 versions
    cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.