Search CVE reports
1 – 10 of 24 results
CVE-2019-16275
Medium priorityhostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | Fixed | Fixed |
| wpasupplicant | — | — | — | Not in release | Not in release |
CVE-2019-9499
Medium priorityThe implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | Fixed | Fixed |
| wpasupplicant | — | — | — | Not in release | Not in release |
CVE-2019-9498
Medium priorityThe implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | Fixed | Fixed |
| wpasupplicant | — | — | — | Not in release | Not in release |
CVE-2019-9497
Medium priorityThe implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | Fixed | Fixed |
| wpasupplicant | — | — | — | Not in release | Not in release |
CVE-2019-9496
Medium priorityAn invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | Not affected | Not affected |
| wpasupplicant | — | — | — | Not in release | Not in release |
CVE-2019-9495
Medium priorityThe implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | Fixed | Fixed |
| wpasupplicant | — | — | — | Not in release | Not in release |
CVE-2019-9494
Medium priorityThe implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side...
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | Not affected | Not affected |
| wpasupplicant | — | — | — | Not in release | Not in release |
CVE-2015-0210
Medium prioritywpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
2 affected packages
wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| wpa | — | — | — | — | — |
| wpasupplicant | — | — | — | — | — |
CVE-2016-4477
Low prioritySome fixes available 11 of 15
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon...
3 affected packages
hostapd, wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hostapd | — | — | Not in release | Not in release | Not in release |
| wpa | — | — | Fixed | Fixed | Fixed |
| wpasupplicant | — | — | Not in release | Not in release | Not in release |
CVE-2016-4476
Low prioritySome fixes available 11 of 15
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
3 affected packages
hostapd, wpa, wpasupplicant
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hostapd | — | — | Not in release | Not in release | Not in release |
| wpa | — | — | Fixed | Fixed | Fixed |
| wpasupplicant | — | — | Not in release | Not in release | Not in release |