Hostapd
Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthenticated attacker within wireless range crash the access-point daemon by sending a crafted Wi-Fi 7 (802.11be) Multi-Link association request. A malformed Multi-Link Element or Per-STA Profile subelement supplies a link_id of 15 that overruns the 15-entry (0-14) links[] array, causing an out-of-bounds write before the 4-way handshake. No public exploit identified at time of analysis; EPSS is low (0.29%, 20th percentile) and CISA SSVC rates exploitation as none.
hostapd fails to process crafted RADIUS packets properly. The vulnerability is rated low severity (CVSS 3.7) and is remotely exploitable without authentication.