rpm package
opensuse/wpa_supplicant&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/wpa_supplicant&distro=openSUSE%20Tumbleweed
Vulnerabilities (32)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24912 | — | — | | < 2.11-4.1 | 2.11-4.1 | Mar 12, 2025 | hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. |
| CVE-2023-52424 | High | 7.4 | | < 2.11-1.1 | 2.11-1.1 | May 17, 2024 | The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always |
| CVE-2023-52160 | — | — | | < 2.10-6.1 | 2.10-6.1 | Feb 22, 2024 | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused t |
| CVE-2021-30004 | — | — | | < 2.9-13.4 | 2.9-13.4 | Apr 2, 2021 | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. |
| CVE-2021-27803 | — | — | | < 2.9-13.4 | 2.9-13.4 | Feb 26, 2021 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. |
| CVE-2021-0326 | — | — | | < 2.9-13.4 | 2.9-13.4 | Feb 10, 2021 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need |
| CVE-2019-16275 | — | — | | < 2.9-13.4 | 2.9-13.4 | Sep 12, 2019 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac |
| CVE-2019-13377 | — | — | | < 2.9-13.4 | 2.9-13.4 | Aug 15, 2019 | The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information fr |
| CVE-2019-11555 | — | — | | < 2.9-13.4 | 2.9-13.4 | Apr 26, 2019 | The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL point |
| CVE-2019-9499 | — | — | | < 2.9-13.4 | 2.9-13.4 | Apr 17, 2019 | The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th |
| CVE-2019-9497 | — | — | | < 2.9-13.4 | 2.9-13.4 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto l |
| CVE-2019-9495 | — | — | | < 2.9-13.4 | 2.9-13.4 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f |
| CVE-2019-9494 | — | — | | < 2.9-13.4 | 2.9-13.4 | Apr 17, 2019 | The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password |
| CVE-2018-14526 | — | — | | < 2.9-13.4 | 2.9-13.4 | Aug 8, 2018 | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recove |
| CVE-2015-5316 | — | — | | < 2.6-1.1 | 2.6-1.1 | Feb 21, 2018 | The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confir |
| CVE-2015-5315 | — | — | | < 2.6-1.1 | 2.6-1.1 | Feb 21, 2018 | The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of s |
| CVE-2017-13086 | Medium | 6.8 | | < 2.9-13.4 | 2.9-13.4 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
| CVE-2017-13079 | Medium | 5.3 | | < 2.9-13.4 | 2.9-13.4 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| CVE-2017-13078 | Medium | 5.3 | | < 2.9-13.4 | 2.9-13.4 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. |
| CVE-2017-13077 | Medium | 6.8 | | < 2.9-13.4 | 2.9-13.4 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
Page 1 of 2