CVE-2015-8041

Published: 09 November 2015

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.

Priority

Low

Status

Package Release Status
hostapd
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

wpa
Upstream Released (2.3-2.2)
Ubuntu 16.04 LTS (Xenial Xerus) Released (2.4-0ubuntu5)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Patches:
Upstream: http://w1.fi/cgit/hostap/commit/?id=df9079e72760ceb7ebe7fb11538200c516bdd886
wpasupplicant
Upstream Released (2.5)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

Author: tyhicks
Note:
CONFIG_WPS_NFC is not set in Vivid and older builds of wpa
CONFIG_WPS_NFC is not set in wpasupplicant or hostapd builds
