Skip to main content

Wpa Supplicant CVE-2015-4143

MEDIUM
Buffer Overflow (CWE-119)
2015-06-15 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Jun 15, 2015 - 15:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.

AnalysisAI

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. Affected products include: W1.Fi Wpa Supplicant, W1.Fi Hostapd, Opensuse. Version information: through 2.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2017-13082 HIGH POC
8.1 Oct 17

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PT

CVE-2024-5290 HIGH POC
7.8 Aug 07

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a lo

CVE-2015-0210 MEDIUM POC
5.9 Aug 28

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-

CVE-2019-9499 HIGH
8.1 Apr 17

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validati

CVE-2019-9498 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on

CVE-2019-9497 HIGH
8.1 Apr 17

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element

CVE-2014-3686 MEDIUM
6.8 Oct 16

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli

CVE-2016-4476 HIGH
7.5 May 09

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase paramete

CVE-2015-1863 MEDIUM
5.8 Apr 28

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash

CVE-2021-27803 HIGH
7.5 Feb 26

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision

CVE-2019-9496 HIGH
7.5 Apr 17

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps

CVE-2017-13084 MEDIUM
6.8 Oct 17

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) du

Share

CVE-2015-4143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy