High severity7.8NVD Advisory· Published May 9, 2016· Updated Jun 17, 2026
CVE-2016-4477
CVE-2016-4477
Description
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.