rpm package
suse/wpa_supplicant&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52160 | — | < 2.9-23.20.1 | 2.9-23.20.1 | Feb 22, 2024 | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused t | ||
| CVE-2022-23304 | — | < 2.9-23.15.1 | 2.9-23.15.1 | Jan 17, 2022 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | ||
| CVE-2022-23303 | — | < 2.9-23.15.1 | 2.9-23.15.1 | Jan 17, 2022 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | ||
| CVE-2021-30004 | — | < 2.9-23.12.1 | 2.9-23.12.1 | Apr 2, 2021 | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | ||
| CVE-2021-27803 | — | < 2.9-23.9.2 | 2.9-23.9.2 | Feb 26, 2021 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | ||
| CVE-2021-0326 | — | < 2.9-23.6.1 | 2.9-23.6.1 | Feb 10, 2021 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need | ||
| CVE-2019-16275 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Sep 12, 2019 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac | ||
| CVE-2019-13377 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Aug 15, 2019 | The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information fr | ||
| CVE-2019-11555 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Apr 26, 2019 | The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL point | ||
| CVE-2019-9499 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th | ||
| CVE-2019-9498 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au | ||
| CVE-2019-9497 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto l | ||
| CVE-2019-9495 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Apr 17, 2019 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f | ||
| CVE-2019-9494 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Apr 17, 2019 | The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password | ||
| CVE-2018-14526 | — | < 2.9-23.3.1 | 2.9-23.3.1 | Aug 8, 2018 | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recove | ||
| CVE-2017-13088 | Med | 5.3 | < 2.9-23.3.1 | 2.9-23.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points t | |
| CVE-2017-13087 | Med | 5.3 | < 2.9-23.3.1 | 2.9-23.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. | |
| CVE-2017-13086 | Med | 6.8 | < 2.9-23.3.1 | 2.9-23.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |
| CVE-2017-13082 | Hig | 8.1 | < 2.9-23.3.1 | 2.9-23.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |
| CVE-2017-13081 | Med | 5.3 | < 2.9-23.3.1 | 2.9-23.3.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
- CVE-2023-52160Feb 22, 2024affected < 2.9-23.20.1fixed 2.9-23.20.1
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused t
- CVE-2022-23304Jan 17, 2022affected < 2.9-23.15.1fixed 2.9-23.15.1
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
- CVE-2022-23303Jan 17, 2022affected < 2.9-23.15.1fixed 2.9-23.15.1
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
- CVE-2021-30004Apr 2, 2021affected < 2.9-23.12.1fixed 2.9-23.12.1
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
- CVE-2021-27803Feb 26, 2021affected < 2.9-23.9.2fixed 2.9-23.9.2
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
- CVE-2021-0326Feb 10, 2021affected < 2.9-23.6.1fixed 2.9-23.6.1
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need
- CVE-2019-16275Sep 12, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attac
- CVE-2019-13377Aug 15, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information fr
- CVE-2019-11555Apr 26, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL point
- CVE-2019-9499Apr 17, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th
- CVE-2019-9498Apr 17, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au
- CVE-2019-9497Apr 17, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto l
- CVE-2019-9495Apr 17, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary f
- CVE-2019-9494Apr 17, 2019affected < 2.9-23.3.1fixed 2.9-23.3.1
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password
- CVE-2018-14526Aug 8, 2018affected < 2.9-23.3.1fixed 2.9-23.3.1
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recove
- affected < 2.9-23.3.1fixed 2.9-23.3.1
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points t
- affected < 2.9-23.3.1fixed 2.9-23.3.1
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
- affected < 2.9-23.3.1fixed 2.9-23.3.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
- affected < 2.9-23.3.1fixed 2.9-23.3.1
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
- affected < 2.9-23.3.1fixed 2.9-23.3.1
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Page 1 of 2