rpm package
suse/wpa_supplicant&distro=SUSE Linux Enterprise Micro 5.1
pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52160 | — | < 2.9-150000.4.39.1 | 2.9-150000.4.39.1 | Feb 22, 2024 | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused t | ||
| CVE-2022-23304 | — | < 2.9-4.33.1 | 2.9-4.33.1 | Jan 17, 2022 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | ||
| CVE-2022-23303 | — | < 2.9-4.33.1 | 2.9-4.33.1 | Jan 17, 2022 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. |
- CVE-2023-52160Feb 22, 2024affected < 2.9-150000.4.39.1fixed 2.9-150000.4.39.1
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused t
- CVE-2022-23304Jan 17, 2022affected < 2.9-4.33.1fixed 2.9-4.33.1
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
- CVE-2022-23303Jan 17, 2022affected < 2.9-4.33.1fixed 2.9-4.33.1
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.