CVE-2015-4143
https://notcve.org/view.php?id=CVE-2015-4143
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
• http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
• http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
• http://www.debian.org/security/2015/dsa-3397
• http://www.openwall.com/lists/oss-security/2015/05/09/6
• http://www.openwall.com/lists/oss-security/2015/05/31/6
• http://www.ubuntu.com/usn/USN-2650-1
• https://security.gentoo.org/glsa/201606-17
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2325 – pcre: heap buffer overflow in compile_branch()
https://notcve.org/view.php?id=CVE-2015-2325
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
• https://bugs.exim.org/show_bug.cgi?id=1591
• https://fortiguard.com/zeroday/FG-VD-15-015
• https://www.pcre.org/original/changelog.txt
• https://access.redhat.com/security/cve/CVE-2015-2325
• https://bugzilla.redhat.com/show_bug.cgi?id=1207198
• CWE-122: Heap-based Buffer Overflow
• CWE-125: Out-of-bounds Read
• CWE-787: Out-of-bounds Write
CVE-2015-2326 – pcre: heap buffer over-read in pcre_compile2() (8.37/23)
https://notcve.org/view.php?id=CVE-2015-2326
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via a regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
• https://bugs.exim.org/show_bug.cgi?id=1592
• https://fortiguard.com/zeroday/FG-VD-15-016
• https://www.pcre.org/original/changelog.txt
• https://access.redhat.com/security/cve/CVE-2015-2326
• https://bugzilla.redhat.com/show_bug.cgi?id=1207202
• CWE-125: Out-of-bounds Read
CVE-2015-4142 – hostapd: integer underflow in AP mode WMM Action frame processing
https://notcve.org/view.php?id=CVE-2015-4142
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171401.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172608.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172655.html
• http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
• http://rhn.redhat.com/errata/RHSA-2015-1090.html
• http://rhn.redhat.com/errata/RHSA-2015-1439.html
• http://seclists.org/fulldisclosure/2022/May/34
• http://w1.fi/security/2015-3/integer
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read
CVE-2015-4002
https://notcve.org/view.php?id=CVE-2015-4002
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e
• http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
• http://openwall.com/lists/oss-security/2015/06/05/7
• http://www.securityfocus.com/bid/74668
• http://www.ubuntu.com/usn/USN-2665-1
• http://www.ubuntu.com/usn/USN-2667-1
• https://github.com&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer