CVE-2015-8041
Published: 09 November 2015
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
Priority
Status
Package | Release | Status |
---|---|---|
hostapd Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
wpa Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.3-2.2)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2.4-0ubuntu5)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
|
|
Patches: Upstream: http://w1.fi/cgit/hostap/commit/?id=df9079e72760ceb7ebe7fb11538200c516bdd886 |
||
wpasupplicant Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.5)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
Notes
Author | Note |
---|---|
tyhicks | CONFIG_WPS_NFC is not set in Vivid and older builds of wpa CONFIG_WPS_NFS is not set in wpasupplicant or hostapd builds |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8041
- http://www.openwall.com/lists/oss-security/2015/07/08/3
- http://w1.fi/security/2015-5/
- NVD
- Launchpad
- Debian