Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2015-1863

Published: 28/04/2015 Updated: 30/10/2018
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
VMScore: 516
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Canonical

Vulnerability Summary

Heap-based buffer overflow in wpa_supplicant 1.0 up to and including 2.4 allows remote malicious users to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 15.04

canonical ubuntu linux 14.04

canonical ubuntu linux 14.10

w1.fi wpa supplicant 2.2

w1.fi wpa supplicant 2.3

w1.fi wpa supplicant 2.0

w1.fi wpa supplicant 2.1

w1.fi wpa supplicant 2.4

w1.fi wpa supplicant 1.0

w1.fi wpa supplicant 1.1

redhat enterprise linux hpc node eus 7.1

redhat enterprise linux server eus 7.1

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux hpc node 7.0

debian debian linux 7.0

debian debian linux 8.0

opensuse opensuse 13.1

opensuse opensuse 13.2

Vendor Advisories

Ubuntu Security Notice: wpa vulnerability
wpa_supplicant could be made to crash, expose memory, or run programs if it received specially crafted network traffic ...
Debian CVElist Bug Report Logs: wpa: CVE-2016-4476 CVE-2016-4477 / 2016-1 advisory
Debian Bug report logs - #823411 wpa: CVE-2016-4476 CVE-2016-4477 / 2016-1 advisory Package: src:wpa; Maintainer for src:wpa is Debian wpasupplicant Maintainers <wpa@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 May 2016 12:51:01 UTC Severity: important Tags: patch, securit ...
Debian CVElist Bug Report Logs: wpa: CVE-2015-1863: wpa_supplicant P2P SSID processing vulnerability
Debian Bug report logs - #783148 wpa: CVE-2015-1863: wpa_supplicant P2P SSID processing vulnerability Package: src:wpa; Maintainer for src:wpa is Debian wpasupplicant Maintainers <wpa@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 22 Apr 2015 21:00:02 UTC Severity: grave Tags: ...
Debian Security Advisories: DSA-3233-1 wpa -- security update
The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code For the stable distrib ...
Red Hat: CVE-2015-1863
A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code ...

References

CWE-119http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txthttp://www.debian.org/security/2015/dsa-3233http://www.ubuntu.com/usn/USN-2577-1http://packetstormsecurity.com/files/131598/Android-wpa_supplicant-Heap-Overflow.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00000.htmlhttp://www.securitytracker.com/id/1032192http://seclists.org/fulldisclosure/2015/Apr/82http://rhn.redhat.com/errata/RHSA-2015-1090.htmlhttps://security.gentoo.org/glsa/201606-17http://www.securityfocus.com/bid/74296http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19http://www.securityfocus.com/archive/1/535353/100/0/threadedhttps://usn.ubuntu.com/2577-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-1863
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook