Published: 09/05/2016 Updated: 12/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

hostapd 0.6.7 up to and including 2.5 and wpa_supplicant 0.6.7 up to and including 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote malicious users to cause a denial of service (daemon outage) via a crafted WPS operation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
w1.fi hostapd
w1.fi wpa supplicant
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 17.04

Debian Bug report logs - #823411 wpa: CVE-2016-4476 CVE-2016-4477 / 2016-1 advisory Package: src:wpa; Maintainer for src:wpa is Debian wpasupplicant Maintainers <wpa@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 May 2016 12:51:01 UTC Severity: important Tags: patch, securit ...

Several security issues were fixed in wpa_supplicant ...

hostapd 067 through 25 and wpa_supplicant 067 through 25 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation ...

A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter If this parameter has been updated to include control characters either through a WPS operation or through local configuration change over the wpa_supplicant control interface, the resulting configuration file may ...

CWE-20 http://www.openwall.com/lists/oss-security/2016/05/03/12 http://www.ubuntu.com/usn/USN-3455-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411 https://nvd.nist.gov https://usn.ubuntu.com/3455-1/

CVE-2016-4476

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect