CVE-2015-4146
Ubuntu Security Notice USN-2650-1
Severity Score
Exploit Likelihood
Affected Versions
16Public Exploits
0Exploited in Wild
-Decision
Descriptions
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
La implementación EAP-pwd peer en hostapd y wpa_supplicant 1.0 hasta 2.4 no limpia los indicadores L (Length) y M (More) antes de determinar si una respuesta debe ser fragmentada, lo que permite a atacantes remotos causar una denegación de servicio (caída) a través de un mensaje manipulado.
Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-05-31 CVE Reserved
- 2015-06-15 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmenta... | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2015/05/09/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/05/31/6 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-06/msg0001... | 2018-10-30 | |
| http://w1.fi/security/2015-4/eap-pwd-missing-payload-lengt... | 2018-10-30 | |
| http://www.debian.org/security/2015/dsa-3397 | 2018-10-30 | |
| http://www.ubuntu.com/usn/USN-2650-1 | 2018-10-30 | |
| https://security.gentoo.org/glsa/201606-17 | 2018-10-30 |