Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
There are 29 matching records.
Displaying matches 21 through 29.
Vuln ID Summary CVSS Severity
CVE-2017-13077

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: October 16, 2017; 10:29:00 PM -0400
V3.0: 6.8 MEDIUM
V2.0: 5.4 MEDIUM
CVE-2016-4476

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

Published: May 09, 2016; 6:59:41 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-8041

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.

Published: November 09, 2015; 11:59:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4146

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.

Published: June 15, 2015; 11:59:10 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4145

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.

Published: June 15, 2015; 11:59:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4144

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

Published: June 15, 2015; 11:59:08 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4143

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.

Published: June 15, 2015; 11:59:07 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4142

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

Published: June 15, 2015; 11:59:06 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-4141

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

Published: June 15, 2015; 11:59:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM