Your submission was sent successfully! Close

CVE-2015-8041

Published: 9 November 2015

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.

Priority

Low

Status

Package Release Status
hostapd
Launchpad, Ubuntu, Debian
precise Not vulnerable
(CONFIG_WPS_NFC disabled)
trusty Does not exist

upstream Needs triage

vivid Does not exist

wily Does not exist

xenial Does not exist

wpa
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Not vulnerable

upstream
Released (2.3-2.2)
vivid Not vulnerable
(CONFIG_WPS_NFC disabled)
wily Ignored
(reached end-of-life)
xenial
Released (2.4-0ubuntu5)
Patches:
upstream: http://w1.fi/cgit/hostap/commit/?id=df9079e72760ceb7ebe7fb11538200c516bdd886
wpasupplicant
Launchpad, Ubuntu, Debian
precise Not vulnerable
(CONFIG_WPS_NFC disabled)
trusty Does not exist

upstream
Released (2.5)
vivid Does not exist

wily Does not exist

xenial Does not exist

Notes

AuthorNote
tyhicks
CONFIG_WPS_NFC is not set in Vivid and older builds of wpa
CONFIG_WPS_NFS is not set in wpasupplicant or hostapd builds

References