rpm package
opensuse/wpa_supplicant&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/wpa_supplicant&distro=openSUSE%20Leap%2015.2
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13077 | Med | 6.8 | < 2.9-lp152.8.3.1 | 2.9-lp152.8.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |
| CVE-2015-8041 | — | < 2.9-lp152.8.3.1 | 2.9-lp152.8.3.1 | Nov 9, 2015 | Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which tri | ||
| CVE-2015-4143 | — | < 2.9-lp152.8.3.1 | 2.9-lp152.8.3.1 | Jun 15, 2015 | The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. | ||
| CVE-2015-4142 | — | < 2.9-lp152.8.3.1 | 2.9-lp152.8.3.1 | Jun 15, 2015 | Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read | ||
| CVE-2015-4141 | — | < 2.9-lp152.8.3.1 | 2.9-lp152.8.3.1 | Jun 15, 2015 | The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer o |
- affected < 2.9-lp152.8.3.1fixed 2.9-lp152.8.3.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
- CVE-2015-8041Nov 9, 2015affected < 2.9-lp152.8.3.1fixed 2.9-lp152.8.3.1
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which tri
- CVE-2015-4143Jun 15, 2015affected < 2.9-lp152.8.3.1fixed 2.9-lp152.8.3.1
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
- CVE-2015-4142Jun 15, 2015affected < 2.9-lp152.8.3.1fixed 2.9-lp152.8.3.1
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read
- CVE-2015-4141Jun 15, 2015affected < 2.9-lp152.8.3.1fixed 2.9-lp152.8.3.1
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer o
Page 2 of 2