CVE-2015-8041
Published: 9 November 2015
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
Notes
| Author | Note |
|---|---|
| tyhicks | CONFIG_WPS_NFC is not set in Vivid and older builds of wpa CONFIG_WPS_NFS is not set in wpasupplicant or hostapd builds |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
hostapd Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(CONFIG_WPS_NFC disabled)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| vivid |
Does not exist
|
|
| xenial |
Does not exist
|
|
| wily |
Does not exist
|
|
|
wpa Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Not vulnerable
|
|
| upstream |
Released
(2.3-2.2)
|
|
| vivid |
Not vulnerable
(CONFIG_WPS_NFC disabled)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Released
(2.4-0ubuntu5)
|
|
|
Patches: upstream: http://w1.fi/cgit/hostap/commit/?id=df9079e72760ceb7ebe7fb11538200c516bdd886 |
||
|
wpasupplicant Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(CONFIG_WPS_NFC disabled)
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.5)
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|