CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13086 – wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
https://notcve.org/view.php?id=CVE-2017-13086
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave TPK (Peer Key) TDLS (Tunneled Direct-Link Setup) durante la negociación TDLS, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames. A new exploitation technique called key reinst... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13087 – wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://notcve.org/view.php?id=CVE-2017-13087
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11r permite la reinstalación de la clave GTK (Group Temporal Key) cuando se procesa un frame Wireless Network Management (WNM) Sleep Mode Response, haciendo que un atacante qu... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13088 – wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://notcve.org/view.php?id=CVE-2017-13088
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11v permite la reinstalación de la clave temporal GTK (Integrity Group Temporal Key) cuando se procesa un frame Wireless Network Management (WNM) Sleep Mode Respons... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4476 – Ubuntu Security Notice USN-3455-1
https://notcve.org/view.php?id=CVE-2016-4476
09 May 2016 — hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. hostapd 0.6.7 hasta la versión 2.5 y wpa_supplicant 0.6.7 hasta la versión 2.5 no rechaza caracteres \n y \r en parámetros passphrase, lo que permite a atacantes remotos provocar una denegación de servicio (corte de demonio) a través de una operación WPS manipulada. Mathy Vanhoef dis... • http://www.openwall.com/lists/oss-security/2016/05/03/12 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2015-8041 – Debian Security Advisory 3397-1
https://notcve.org/view.php?id=CVE-2015-8041
09 Nov 2015 — Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. Múltiples desbordamientos de entero en el analizador de registro NDEF en hostapd en versiones anteriores a 2.5 y wpa_supplicant en versiones anteriores a 2.5 permite a atacantes remotos causar una denega... • http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 5%CPEs: 13EXPL: 0CVE-2012-4445 – FreeBSD Security Advisory - EAP-TLS Message Insufficient Validation
https://notcve.org/view.php?id=CVE-2012-4445
08 Oct 2012 — Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set. Desbordamiento de búfer basado en memoria dinámica en la función eap_server_tls_process_fragment de eap_server_tls_common.c en el servidor de autenticación EAP en hostapd v0.6 hasta v... • http://osvdb.org/86051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •