CVE-2015-8041

Published: 09/11/2015 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Multiple integer overflows in the NDEF record parser in hostapd prior to 2.5 and wpa_supplicant prior to 2.5 allow remote malicious users to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
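An added illustration of the bug class the summary describes, written for this page and not taken from hostapd, wpa_supplicant or the advisory: a length check that sums untrusted fields in 32 bits, beside a parser that compares each field with the bytes remaining. The function names and sample records are constructed; the field layout assumed is the NFC Forum NDEF record header (flags, type length, 1- or 4-byte payload length, optional ID length).

```c
#include <stddef.h>
#include <stdint.h>

#define NDEF_FLAG_SR 0x10 /* short record: 1-byte payload length */
#define NDEF_FLAG_IL 0x08 /* ID length field present */

/* Constructed sample records (not captured traffic). */
static const uint8_t rec_ok[] = { 0xD1, 0x01, 0x02, 'T', 'h', 'i' };
static const uint8_t rec_huge[] = { 0xC1, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 'T', 0 };

/* Naive check for contrast: the 32-bit sum wraps, so a huge payload
 * length yields a small total that passes the comparison. */
int naive_total_ok(uint32_t hdr, uint32_t type_len, uint32_t plen, uint32_t buf_len)
{
    return (uint32_t)(hdr + type_len + plen) <= buf_len; /* sum may wrap */
}

/* Safe parse: each untrusted length is compared with the bytes that remain,
 * so no sum is formed. Returns 0 and sets *payload, *plen; -1 if malformed. */
int ndef_parse_record(const uint8_t *buf, size_t len,
                      const uint8_t **payload, uint32_t *plen)
{
    size_t pos = 2, need;
    uint32_t type_len, id_len = 0, n = 0;

    if (len < 2) return -1;
    type_len = buf[1];
    need = (buf[0] & NDEF_FLAG_SR) ? 1 : 4;
    if (len - pos < need) return -1;
    while (need-- > 0)                  /* big-endian payload length */
        n = (n << 8) | buf[pos++];
    if (buf[0] & NDEF_FLAG_IL) {
        if (len - pos < 1) return -1;
        id_len = buf[pos++];
    }
    if (len - pos < type_len) return -1;
    pos += type_len;
    if (len - pos < id_len) return -1;
    pos += id_len;
    if (len - pos < n) return -1;       /* payload must fit in the buffer */
    *payload = buf + pos;
    *plen = n;
    return 0;
}

int main(void)
{
    const uint8_t *p; uint32_t n;
    return ndef_parse_record(rec_huge, sizeof(rec_huge), &p, &n) == -1 ? 0 : 1;
}
```

For the 8-byte `rec_huge` record the naive sum 6 + 1 + 0xFFFFFFFF wraps to 6 and is accepted, while the remaining-bytes comparison rejects it.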

Vulnerable Product

w1.fi wpa supplicant

opensuse opensuse 13.2

opensuse opensuse 13.1

w1.fi hostapd

Vendor Advisories

Debian Bug report logs - #795740
wpa: CVE-2015-8041: Incomplete WPS and P2P NFC NDEF record payload length validation
Package: src:wpa; Maintainer for src:wpa is Debian wpasupplicant Maintainers <wpa@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 16 Aug 2015 14:45:02 UTC
Severi ...

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read ...