Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2016-4477

Published: 9 May 2016

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.

Priority

Low

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package Release Status
wpasupplicant
Launchpad, Ubuntu, Debian
precise Ignored
(end of life)
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream Needs triage

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

hostapd
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

trusty Does not exist

upstream Needs triage

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

precise Ignored
(end of life)
wpa
Launchpad, Ubuntu, Debian
artful
Released (2.4-0ubuntu10)
bionic
Released (2.4-0ubuntu10)
cosmic
Released (2.4-0ubuntu10)
disco
Released (2.4-0ubuntu10)
eoan
Released (2.4-0ubuntu10)
focal
Released (2.4-0ubuntu10)
groovy
Released (2.4-0ubuntu10)
hirsute
Released (2.4-0ubuntu10)
precise Does not exist

trusty
Released (2.1-0ubuntu1.5)
upstream Needs triage

wily Ignored
(end of life)
xenial
Released (2.4-0ubuntu6.2)
yakkety Ignored
(end of life)
zesty
Released (2.4-0ubuntu9.1)
Patches:
upstream: http://w1.fi/security/2016-1/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
upstream: http://w1.fi/security/2016-1/0002-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
upstream: http://w1.fi/security/2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
upstream: http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
upstream: http://w1.fi/security/2016-1/0005-Reject-SET-commands-with-newline-characters-in-the-s.patch

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H