Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-4898-1 wpa -- security update

Related Vulnerabilities: CVE-2020-12695   CVE-2021-0326   CVE-2021-27803  

Several vulnerabilities have been discovered in wpa_supplicant and hostapd. CVE-2020-12695 It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service. CVE-2021-0326 It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) group information from active group owners. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code. CVE-2021-27803 It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) provision discovery requests. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code. For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3. We recommend that you upgrade your wpa packages. For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

Source

Debian Security Advisory

DSA-4898-1 wpa -- security update

Date Reported:
22 Apr 2021
Affected Packages:
wpa
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 976106, Bug 981971.
In Mitre's CVE dictionary: CVE-2020-12695, CVE-2021-0326, CVE-2021-27803.
More information:

Several vulnerabilities have been discovered in wpa_supplicant and hostapd.

  • CVE-2020-12695

    It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service.

  • CVE-2021-0326

    It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) group information from active group owners. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.

  • CVE-2021-27803

    It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) provision discovery requests. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.

For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started