rpm package
suse/wpa_supplicant&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/wpa_supplicant&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23304 | — | < 2.9-4.33.1 | 2.9-4.33.1 | Jan 17, 2022 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | ||
| CVE-2022-23303 | — | < 2.9-4.33.1 | 2.9-4.33.1 | Jan 17, 2022 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | ||
| CVE-2021-27803 | — | < 2.9-4.26.1 | 2.9-4.26.1 | Feb 26, 2021 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | ||
| CVE-2021-0326 | — | < 2.9-4.23.1 | 2.9-4.23.1 | Feb 10, 2021 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need |
- CVE-2022-23304Jan 17, 2022affected < 2.9-4.33.1fixed 2.9-4.33.1
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
- CVE-2022-23303Jan 17, 2022affected < 2.9-4.33.1fixed 2.9-4.33.1
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
- CVE-2021-27803Feb 26, 2021affected < 2.9-4.26.1fixed 2.9-4.26.1
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
- CVE-2021-0326Feb 10, 2021affected < 2.9-4.23.1fixed 2.9-4.23.1
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not need