The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
http://www.debian.org/security/2015/dsa-3397
http://www.openwall.com/lists/oss-security/2015/05/09/6
http://www.openwall.com/lists/oss-security/2015/05/31/6
OR
cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
OR
cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
143627 | SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2020:3380-1) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143321 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2053) (KRACK) | Nessus | SuSE Local Security Checks | medium |
143304 | openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK) | Nessus | SuSE Local Security Checks | medium |
104237 | openSUSE Security Update : hostapd (openSUSE-2017-1201) (KRACK) | Nessus | SuSE Local Security Checks | medium |
93700 | openSUSE Security Update : wpa_supplicant (openSUSE-2016-1104) | Nessus | SuSE Local Security Checks | medium |
93507 | SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2016:2305-1) | Nessus | SuSE Local Security Checks | medium |
91862 | GLSA-201606-17 : hostapd and wpa_supplicant: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
86833 | Debian DSA-3397-1 : wpa - security update | Nessus | Debian Local Security Checks | medium |
84230 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : wpa, wpasupplicant vulnerabilities (USN-2650-1) | Nessus | Ubuntu Local Security Checks | medium |
84183 | openSUSE Security Update : wpa-supplicant (openSUSE-2015-411) | Nessus | SuSE Local Security Checks | medium |
83964 | FreeBSD : hostapd and wpa_supplicant -- multiple vulnerabilities (bbc0db92-084c-11e5-bb90-002590263bf5) | Nessus | FreeBSD Local Security Checks | medium |