Search CVE reports



1 – 10 of 24 results


CVE-2019-16275

Medium priority
Fixed

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release

CVE-2019-9499

Medium priority
Fixed

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release

CVE-2019-9498

Medium priority
Fixed

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release

CVE-2019-9497

Medium priority
Fixed

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release

CVE-2019-9496

Medium priority
Not affected

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected
wpasupplicant Not in release Not in release

CVE-2019-9495

Medium priority
Fixed

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Fixed Fixed
wpasupplicant Not in release Not in release

CVE-2019-9494

Medium priority
Not affected

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side...

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa Not affected Not affected
wpasupplicant Not in release Not in release

CVE-2015-0210

Medium priority
Not affected

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.

2 affected packages

wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
wpa
wpasupplicant

CVE-2016-4477

Low priority

Some fixes available 11 of 15

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon...

3 affected packages

hostapd, wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hostapd Not in release Not in release Not in release
wpa Fixed Fixed Fixed
wpasupplicant Not in release Not in release Not in release

CVE-2016-4476

Low priority

Some fixes available 11 of 15

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

3 affected packages

hostapd, wpa, wpasupplicant

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hostapd Not in release Not in release Not in release
wpa Fixed Fixed Fixed
wpasupplicant Not in release Not in release Not in release