The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 up to and including 2.4 allows remote malicious users to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
w1.fi wpa supplicant 1.1 |
||
w1.fi wpa supplicant 2.0 |
||
w1.fi wpa supplicant 0.7.3 |
||
w1.fi wpa supplicant 1.0 |
||
w1.fi wpa supplicant 0.7.1 |
||
w1.fi wpa supplicant 0.7.2 |
||
w1.fi wpa supplicant 2.3 |
||
w1.fi wpa supplicant 2.4 |
||
w1.fi wpa supplicant 0.7.0 |
||
w1.fi wpa supplicant 2.1 |
||
w1.fi wpa supplicant 2.2 |
||
w1.fi hostapd 0.7.2 |
||
w1.fi hostapd 0.7.3 |
||
w1.fi hostapd 2.4 |
||
w1.fi hostapd 0.7.0 |
||
w1.fi hostapd 0.7.1 |
||
w1.fi hostapd 2.2 |
||
w1.fi hostapd 2.3 |
||
w1.fi hostapd 2.0 |
||
w1.fi hostapd 2.1 |
||
w1.fi hostapd 1.0 |
||
w1.fi hostapd 1.1 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |
Vulmon