rpm package
suse/wpa_supplicant&distro=SUSE Linux Enterprise Server 12 SP2-LTSS
pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-27803 | — | | | < 2.6-15.16.1 | 2.6-15.16.1 | Feb 26, 2021 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. |
| CVE-2021-0326 | — | | | < 2.6-15.13.1 | 2.6-15.13.1 | Feb 10, 2021 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need |
| CVE-2019-16275 | — | | | < 2.6-15.13.1 | 2.6-15.13.1 | Sep 12, 2019 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac |
| CVE-2018-14526 | — | | | < 2.6-15.10.1 | 2.6-15.10.1 | Aug 8, 2018 | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recove |