A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames. A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code.
Find out more about CVE-2015-1863 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the wpa_supplicant versions as shipped with Red Hat Enterprise Linux 5 and 6.
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:A/AC:H/Au:N/C:C/I:C/A:C |
| Access Vector | Adjacent Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (wpa_supplicant) | RHSA-2015:1090 | 2015-06-11 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | wpa_supplicant | Affected |
| Red Hat Enterprise Linux 5 | wpa_supplicant | Affected |
Vulmon