CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13088 – wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://notcve.org/view.php?id=CVE-2017-13088
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11v permite la reinstalación de la clave temporal GTK (Integrity Group Temporal Key) cuando se procesa un frame Wireless Network Management (WNM) Sleep Mode Response, haciendo que un atacante que se sitúe dentro del radio reproduzca frames desde los puntos de acceso hasta los clientes. A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake. • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt http://www.debian.org/security/2017/dsa-3999 http://www.kb.cert.org/vuls/id/228519 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/101274 http • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 0CVE-2015-8041
https://notcve.org/view.php?id=CVE-2015-8041
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. Múltiples desbordamientos de entero en el analizador de registro NDEF en hostapd en versiones anteriores a 2.5 y wpa_supplicant en versiones anteriores a 2.5 permite a atacantes remotos causar una denegación de servicio (caída de proceso o bucle infinito) a través de un valor de campo payload length grande en un registro (1) WPS o (2) P2P NFC NDEF, lo que desencadena una lectura fuera de rangos. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00041.html http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt http://www.debian.org/security/2015/dsa-3397 http://www.openwall.com/lists/oss-security/2015/11/02/5 http://www.securityfocus.com/bid/75604 https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6025
https://notcve.org/view.php?id=CVE-2007-6025
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data. Desbordamiento de búfer en driver_wext.c de wpa_supplicant 0.6.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) mediante datos TSF manipulados. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442387 http://www.mandriva.com/security/advisories?name=MDKSA-2007:245 http://www.securityfocus.com/bid/26555 https://bugzilla.redhat.com/show_bug.cgi?id=292991 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •