Search CVE reports
1 – 10 of 24 results
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | Fixed | 
| wpasupplicant | — | — | — | Not in release | 
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | Fixed | 
| wpasupplicant | — | — | — | Not in release | 
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | Fixed | 
| wpasupplicant | — | — | — | Not in release | 
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | Fixed | 
| wpasupplicant | — | — | — | Not in release | 
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | Not affected | 
| wpasupplicant | — | — | — | Not in release | 
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | Fixed | 
| wpasupplicant | — | — | — | Not in release | 
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | Not affected | 
| wpasupplicant | — | — | — | Not in release | 
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpa | — | — | — | — | 
| wpasupplicant | — | — | — | — | 
Some fixes available 11 of 15
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon...
3 affected packages
wpasupplicant, hostapd, wpa
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| wpasupplicant | — | — | Not in release | Not in release | 
| hostapd | — | — | Not in release | Not in release | 
| wpa | — | — | Fixed | Fixed | 
Some fixes available 11 of 15
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
3 affected packages
hostapd, wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| hostapd | — | — | Not in release | Not in release | 
| wpa | — | — | Fixed | Fixed | 
| wpasupplicant | — | — | Not in release | Not in release |