Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpa supplicant wpa supplicant vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-0470
Buffer overflow in wpa_supplicant prior to 0.2.7 allows remote malicious users to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
Wpa Supplicant Wpa Supplicant 0.2.5
Wpa Supplicant Wpa Supplicant 0.2.6
Wpa Supplicant Wpa Supplicant 0.2
Wpa Supplicant Wpa Supplicant 0.2.1
Wpa Supplicant Wpa Supplicant 0.2.2
Wpa Supplicant Wpa Supplicant 0.2.3
Wpa Supplicant Wpa Supplicant 0.2.4
Suse Suse Linux 9.2
Gentoo Linux
7.1
CVSSv2
CVE-2007-6025
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and previous versions allows remote malicious users to cause a denial of service (crash) via crafted TSF data.
Wpa Supplicant Wpa Supplicant
4.3
CVSSv2
CVE-2015-4141
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 up to and including 2.4 allows remote malicious users to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or h...
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 0.7.3
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 0.7.1
W1.fi Wpa Supplicant 0.7.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 2.4
W1.fi Wpa Supplicant 0.7.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Hostapd 0.7.2
W1.fi Hostapd 0.7.3
W1.fi Hostapd 2.4
W1.fi Hostapd 0.7.0
W1.fi Hostapd 0.7.1
W1.fi Hostapd 2.2
W1.fi Hostapd 2.3
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 1.0
W1.fi Hostapd 1.1
5
CVSSv2
CVE-2015-4143
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 2.4
W1.fi Hostapd 1.0
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 2.2
W1.fi Hostapd 1.1
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
5
CVSSv2
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote malicious users to cause a denial of service (crash) via a crafted message.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
W1.fi Hostapd 2.2
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 1.1
W1.fi Hostapd 1.0
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 2.4
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 1.0
5
CVSSv2
CVE-2015-4145
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not validate a fragment is already being processed, which allows remote malicious users to cause a denial of service (memory leak) via a crafted message.
W1.fi Hostapd 2.2
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 1.1
W1.fi Hostapd 1.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 2.4
5
CVSSv2
CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote malicious users to cause a denial of service (crash) via a crafted...
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 2.4
W1.fi Hostapd 2.1
W1.fi Hostapd 2.2
W1.fi Hostapd 1.1
W1.fi Hostapd 1.0
W1.fi Hostapd 2.0
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
4.3
CVSSv2
CVE-2015-0210
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote malicious users to cause a man-in-the-middle attack.
W1.fi Wpa Supplicant 2.0-16
4.3
CVSSv2
CVE-2019-11555
The EAP-pwd implementation in hostapd (EAP server) prior to 2.8 and wpa_supplicant (EAP peer) prior to 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL p...
W1.fi Hostapd
W1.fi Wpa Supplicant
4.3
CVSSv2
CVE-2015-5315
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x prior to 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote malicious users to cause a den...
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »