Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv2

CVE-2021-27803

Published: 26/02/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5.4 | Impact Score: 6.4 | Exploitability Score: 5.5
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 481
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
Subscribe to W1.fi

Vulnerability Summary

A vulnerability exists in how p2p/p2p_pd.c in wpa_supplicant prior to 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

w1.fi wpa supplicant

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Security Advisories: DSA-4898-1 wpa -- security update
Several vulnerabilities have been discovered in wpa_supplicant and hostapd CVE-2020-12695 It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service CVE-2021-0326 It was discovered that wpa_supplicant does not properly process P2P ...
Amazon Linux 2: ALAS2-2021-1624
A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution The highest threat from this vulnerability is to confident ...
Arch Linux Issues:
A vulnerability was discovered in how p2p/p2p_pdc in wpa_supplicant before 210 processes P2P (Wi-Fi Direct) provision discovery requests It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range ...

Mailing Lists

Full Disclosure: Re: wpa_supplicant P2P provision discovery processing vulnerability
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: wpa_supplicant P2P provision discovery processing vulnerability <!--X-Subject-Header-End--> <!--X-Head-of-Message--> Fro ...

References

NVD-CWE-noinfohttps://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txthttps://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patchhttps://www.openwall.com/lists/oss-security/2021/02/25/3http://www.openwall.com/lists/oss-security/2021/02/27/1https://lists.debian.org/debian-lts-announce/2021/03/msg00003.htmlhttps://www.debian.org/security/2021/dsa-4898https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4898
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook