CVSS: 5.0EPSS: 2%CPEs: 16EXPL: 0CVE-2015-4144
https://notcve.org/view.php?id=CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. La implementación EAP-pwd server and peer en hostapd y wpa_supplicant 1.0 hasta 2.4 no valida que un mensaje tiene la longitud suficiente para contener el campo Total-Length, lo que permite a atacantes remotos causar una denegación de servicio (caída) a través de un mensaje manipulado. • http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt http://www.debian.org/security/2015/dsa-3397 http://www.openwall.com/lists/oss-security/2015/05/09/6 http://www.openwall.com/lists/oss-security/2015/05/31/6 http://www.ubuntu.com/usn/USN-2650-1 https://security.gentoo.org/glsa/201606-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 16EXPL: 0CVE-2015-4146
https://notcve.org/view.php?id=CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. La implementación EAP-pwd peer en hostapd y wpa_supplicant 1.0 hasta 2.4 no limpia los indicadores L (Length) y M (More) antes de determinar si una respuesta debe ser fragmentada, lo que permite a atacantes remotos causar una denegación de servicio (caída) a través de un mensaje manipulado. • http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt http://www.debian.org/security/2015/dsa-3397 http://www.openwall.com/lists/oss-security/2015/05/09/6 http://www.openwall.com/lists/oss-security/2015/05/31/6 http://www.ubuntu.com/usn/USN-2650-1 https://security.gentoo.org/glsa/201606- •
CVSS: 5.0EPSS: 2%CPEs: 16EXPL: 0CVE-2015-4143
https://notcve.org/view.php?id=CVE-2015-4143
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. La implementación EAP-pwd server and peer en hostapd y wpa_supplicant 1.0 hasta 2.4 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída) a través de una carga útil de mensaje (1) Commit o (2) Confirm manipulada. • http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt http://www.debian.org/security/2015/dsa-3397 http://www.openwall.com/lists/oss-security/2015/05/09/6 http://www.openwall.com/lists/oss-security/2015/05/31/6 http://www.ubuntu.com/usn/USN-2650-1 https://security.gentoo.org/glsa/201606-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2015-2325 – pcre: heap buffer overflow in compile_branch()
https://notcve.org/view.php?id=CVE-2015-2325
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. La función compile_branch en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar código incorrecto, causar una denegación de servicio (lectura de la pila fuera de límites y bloqueo) o posiblemente tener otro impacto no especificado por medio de una expresión regular con un grupo que contiene una referencia directa repetida una gran número de veces dentro de un grupo externo repetido que posee un cuantificador mínimo cero. • http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html https://bugs.exim.org/show_bug.cgi?id=1591 https://fortiguard.com/zeroday/FG-VD-15-015 https://www.pcre.org/original/changelog.txt https://access.redhat.com/security/cve/CVE-2015-2325 https://bugzilla.redhat.com/show_bug.cgi?id=1207198 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2015-2326 – pcre: heap buffer over-read in pcre_compile2() (8.37/23)
https://notcve.org/view.php?id=CVE-2015-2326
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". La función pcre_compile2 en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar código incorrecto y causar una denegación de servicio (lectura fuera de límites) mediante una expresión regular con un grupo que contiene una llamada de subrutina de referencia directa y una referencia inversa recursiva, como es demostrado por "((? +1)(\1))/". • http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html https://bugs.exim.org/show_bug.cgi?id=1592 https://fortiguard.com/zeroday/FG-VD-15-016 https://www.pcre.org/original/changelog.txt https://access.redhat.com/security/cve/CVE-2015-2326 https://bugzilla.redhat.com/show_bug.cgi?id=1207202 • CWE-125: Out-of-bounds Read •