Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpa supplicant vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-5316
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x prior to 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pw...
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2015-5314
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x prior to 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configu...
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
5
CVSSv2
CVE-2021-30004
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
W1.fi Hostapd 2.9
W1.fi Wpa Supplicant 2.9
6.8
CVSSv2
CVE-2022-23303
The implementations of SAE in hostapd prior to 2.10 and wpa_supplicant prior to 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 35
6.8
CVSSv2
CVE-2022-23304
The implementations of EAP-pwd in hostapd prior to 2.10 and wpa_supplicant prior to 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 35
5
CVSSv2
CVE-2015-8041
Multiple integer overflows in the NDEF record parser in hostapd prior to 2.5 and wpa_supplicant prior to 2.5 allow remote malicious users to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record,...
W1.fi Wpa Supplicant
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
W1.fi Hostapd
5
CVSSv2
CVE-2019-9496
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd proc...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
6.8
CVSSv2
CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an malicious user to complete EAP-PWD authentication without knowing the password. However, unless the cr...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
5.4
CVSSv2
CVE-2021-27803
A vulnerability exists in how p2p/p2p_pd.c in wpa_supplicant prior to 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
W1.fi Wpa Supplicant
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
3.3
CVSSv2
CVE-2019-16275
hostapd prior to 2.10 and wpa_supplicant prior to 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The a...
W1.fi Hostapd
W1.fi Wpa Supplicant
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »