Vulnerabilities (CVE)

Vendor filter

W1.fi Subscribe

Product filter

Hostapd Subscribe

Filter

35 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9499 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 6.8
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete...
CVE-2019-9498 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 6.8
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid...
CVE-2019-9497 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 6.8
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the...
CVE-2019-9496 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 5.0
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An...
CVE-2019-9495 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 4.3
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and...
CVE-2019-9494 2 W1.fi, Fedoraproject 3 Hostapd, Wpa Supplicant, Fedora 2019-05-15 4.3
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack...
CVE-2019-11555 1 W1.fi 2 Hostapd, Wpa Supplicant 2019-05-15 4.3
The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in...
CVE-2018-14526 3 W1.fi, Canonical, Debian 3 Wpa Supplicant, Ubuntu Linux, Debian Linux 2019-05-08 3.3
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can...
CVE-2016-10743 1 W1.fi 1 Hostapd 2019-04-10 5.0
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2017-13081 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13080 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13079 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13078 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-13 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13077 9 Wpa, Wpa2, W1.fi and 6 more 14 Wpa, Wpa2, Hostapd and 11 more 2018-11-13 5.4
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2017-13082 7 W1.fi, Canonical, Debian and 4 more 12 Hostapd, Wpa Supplicant, Ubuntu Linux and 9 more 2018-11-02 5.8
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay,...
CVE-2015-4141 3 W1.fi, Novell, Opensuse 4 Hostapd, Wpa Supplicant, Opensuse and 1 more 2018-10-30 4.3
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an...
CVE-2015-4143 3 W1.fi, Novell, Opensuse 4 Hostapd, Wpa Supplicant, Opensuse and 1 more 2018-10-30 5.0
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
CVE-2015-4144 3 W1.fi, Novell, Opensuse 4 Hostapd, Wpa Supplicant, Opensuse and 1 more 2018-10-30 5.0
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a...
CVE-2015-8041 3 W1.fi, Novell, Opensuse 4 Hostapd, Wpa Supplicant, Opensuse and 1 more 2018-10-30 5.0
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or...
CVE-2015-1863 6 Novell, W1.fi, Debian and 3 more 11 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 8 more 2018-10-30 5.8
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or...