rpm package

suse/wpa_supplicant&distro=SUSE Linux Enterprise Server for SAP Applications 15

pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Vulnerabilities (26)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-13078	Med	5.3	< 2.9-4.20.1	2.9-4.20.1	Oct 17, 2017	Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13077	Med	6.8	< 2.9-4.20.1	2.9-4.20.1	Oct 17, 2017	Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2015-8041		—	< 2.9-4.20.1	2.9-4.20.1	Nov 9, 2015	Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which tri
CVE-2015-4143		—	< 2.9-4.20.1	2.9-4.20.1	Jun 15, 2015	The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
CVE-2015-4142		—	< 2.9-4.20.1	2.9-4.20.1	Jun 15, 2015	Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read
CVE-2015-4141		—	< 2.9-4.20.1	2.9-4.20.1	Jun 15, 2015	The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer o

CVE-2017-13078MedOct 17, 2017
affected < 2.9-4.20.1fixed 2.9-4.20.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13077MedOct 17, 2017
affected < 2.9-4.20.1fixed 2.9-4.20.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2015-8041Nov 9, 2015
affected < 2.9-4.20.1fixed 2.9-4.20.1
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which tri
CVE-2015-4143Jun 15, 2015
affected < 2.9-4.20.1fixed 2.9-4.20.1
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
CVE-2015-4142Jun 15, 2015
affected < 2.9-4.20.1fixed 2.9-4.20.1
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read
CVE-2015-4141Jun 15, 2015
affected < 2.9-4.20.1fixed 2.9-4.20.1
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer o

Page 2 of 2