Page 3 of 14 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en wpa_supplicant EAP Peer, cuando se construyen contra una biblioteca criptográfica que carece de comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •

CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 0

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. Múltiples desbordamientos de entero en el analizador de registro NDEF en hostapd en versiones anteriores a 2.5 y wpa_supplicant en versiones anteriores a 2.5 permite a atacantes remotos causar una denegación de servicio (caída de proceso o bucle infinito) a través de un valor de campo payload length grande en un registro (1) WPS o (2) P2P NFC NDEF, lo que desencadena una lectura fuera de rangos. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00041.html http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt http://www.debian.org/security/2015/dsa-3397 http://www.openwall.com/lists/oss-security/2015/11/02/5 http://www.securityfocus.com/bid/75604 https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog • CWE-189: Numeric Errors •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data. Desbordamiento de búfer en driver_wext.c de wpa_supplicant 0.6.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante datos TSF manipulados. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442387 http://www.mandriva.com/security/advisories?name=MDKSA-2007:245 http://www.securityfocus.com/bid/26555 https://bugzilla.redhat.com/show_bug.cgi?id=292991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. • http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html http://secunia.com/advisories/14313 http://securitytracker.com/id?1013226 http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/19357 •