CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13086 – wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
https://notcve.org/view.php?id=CVE-2017-13086
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave TPK (Peer Key) TDLS (Tunneled Direct-Link Setup) durante la negociación TDLS, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames. A new exploitation technique called key reinst... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13077 – wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake
https://notcve.org/view.php?id=CVE-2017-13077
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave temporal (TK) PTK (Pairwise Transient Key) durante la negociación en cuatro pasos, haciendo que un atacante que se sitúe entro del radio responda, descifre o suplante frames. A new exploitation technique called key re... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13081 – FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
https://notcve.org/view.php?id=CVE-2017-13081
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11w permite la reinstalación de la clave temporal IGTK (Integrity Group Temporal Key) durante el handshake de clave de grupo, haciendo que un atacante en el rango de radio suplante frames desde los puntos d... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4476 – Ubuntu Security Notice USN-3455-1
https://notcve.org/view.php?id=CVE-2016-4476
09 May 2016 — hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. hostapd 0.6.7 hasta la versión 2.5 y wpa_supplicant 0.6.7 hasta la versión 2.5 no rechaza caracteres \n y \r en parámetros passphrase, lo que permite a atacantes remotos provocar una denegación de servicio (corte de demonio) a través de una operación WPS manipulada. Mathy Vanhoef dis... • http://www.openwall.com/lists/oss-security/2016/05/03/12 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2015-8041 – Debian Security Advisory 3397-1
https://notcve.org/view.php?id=CVE-2015-8041
09 Nov 2015 — Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. Múltiples desbordamientos de entero en el analizador de registro NDEF en hostapd en versiones anteriores a 2.5 y wpa_supplicant en versiones anteriores a 2.5 permite a atacantes remotos causar una denega... • http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 0CVE-2015-4141 – Ubuntu Security Notice USN-2650-1
https://notcve.org/view.php?id=CVE-2015-4141
15 Jun 2015 — The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. La función WPS UPnP en hostapd, cuando utiliza WPS AP, y wpa_supplicant, cuando utiliza el registro externo WPS (ER), 0.7.0 hasta 2.4 permite a atacantes remotos causar una denegación de servicio (caída) a través de una lon... • http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 28EXPL: 0CVE-2015-4142 – hostapd: integer underflow in AP mode WMM Action frame processing
https://notcve.org/view.php?id=CVE-2015-4142
11 Jun 2015 — Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. Subdesbordamiento de enteros en el analizador sintáctico Frame de WMM Action en hostapd 0.5.5 hasta 2.4 y wpa_supplicant 0.7.0 hasta 2.4, cuando utilizado para la funcionalidad MLME/SME del modo AP, permite a atacantes remotos cau... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171401.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2014-3686 – hostapd: wpa_cli and hostapd_cli remote command execution issue
https://notcve.org/view.php?id=CVE-2014-3686
14 Oct 2014 — wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. wpa_supplicant y hostapd 0.7.2 hasta 2.2 cuando se ejecutan ciertas configuraciones y se utilizan los secuencias de comandos using_wpa_cli o hostapd_cli, permite a atacantes remotos ejecutar comandos arbitrarios a través de un frame manipulado. A command injection flaw was found in the way the w... • http://advisories.mageia.org/MGASA-2014-0429.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 7%CPEs: 13EXPL: 0CVE-2012-4445
https://notcve.org/view.php?id=CVE-2012-4445
10 Oct 2012 — Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set. Desbordamiento de búfer basado en memoria dinámica en la función eap_server_tls_process_fragment de eap_server_tls_common.c en el servidor de autenticación EAP en hostapd v0.6 hasta v... • http://osvdb.org/86051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •