CVE-2015-4141

Summary

CVE	CVE-2015-4141
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-06-15 15:59:00 UTC
Updated	2018-10-30 16:27:00 UTC
Description	The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Opensuse	Opensuse	13.1	All	All	All
Operating System	Opensuse	Opensuse	13.2	All	All	All
Operating System	Opensuse	Opensuse	13.1	All	All	All
Operating System	Opensuse	Opensuse	13.2	All	All	All
Application	W1.fi	Hostapd	0.7.0	All	All	All
Application	W1.fi	Hostapd	0.7.1	All	All	All
Application	W1.fi	Hostapd	0.7.2	All	All	All
Application	W1.fi	Hostapd	0.7.3	All	All	All
Application	W1.fi	Hostapd	1.0	All	All	All
Application	W1.fi	Hostapd	1.1	All	All	All
Application	W1.fi	Hostapd	2.0	All	All	All
Application	W1.fi	Hostapd	2.1	All	All	All
Application	W1.fi	Hostapd	2.2	All	All	All
Application	W1.fi	Hostapd	2.3	All	All	All
Application	W1.fi	Hostapd	2.4	All	All	All
Application	W1.fi	Hostapd	0.7.0	All	All	All
Application	W1.fi	Hostapd	0.7.1	All	All	All
Application	W1.fi	Hostapd	0.7.2	All	All	All
Application	W1.fi	Hostapd	0.7.3	All	All	All
Application	W1.fi	Hostapd	1.0	All	All	All
Application	W1.fi	Hostapd	1.1	All	All	All
Application	W1.fi	Hostapd	2.0	All	All	All
Application	W1.fi	Hostapd	2.1	All	All	All
Application	W1.fi	Hostapd	2.2	All	All	All
Application	W1.fi	Hostapd	2.3	All	All	All
Application	W1.fi	Hostapd	2.4	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.0	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.1	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.2	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.3	All	All	All
Application	W1.fi	Wpa Supplicant	1.0	All	All	All
Application	W1.fi	Wpa Supplicant	1.1	All	All	All
Application	W1.fi	Wpa Supplicant	2.0	All	All	All
Application	W1.fi	Wpa Supplicant	2.1	All	All	All
Application	W1.fi	Wpa Supplicant	2.2	All	All	All
Application	W1.fi	Wpa Supplicant	2.3	All	All	All
Application	W1.fi	Wpa Supplicant	2.4	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.0	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.1	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.2	All	All	All
Application	W1.fi	Wpa Supplicant	0.7.3	All	All	All
Application	W1.fi	Wpa Supplicant	1.0	All	All	All
Application	W1.fi	Wpa Supplicant	1.1	All	All	All
Application	W1.fi	Wpa Supplicant	2.0	All	All	All
Application	W1.fi	Wpa Supplicant	2.1	All	All	All
Application	W1.fi	Wpa Supplicant	2.2	All	All	All
Application	W1.fi	Wpa Supplicant	2.3	All	All	All
Application	W1.fi	Wpa Supplicant	2.4	All	All	All

References

Reference	Source	Link	Tags
hostapd and wpa_supplicant: Multiple vulnerabilities (GLSA 201606-17) — Gentoo Security	GENTOO	security.gentoo.org	Third Party Advisory
oss-security - CVE request: hostapd/wpa_supplicant - WPS UPnP vulnerability with HTTP chunked transfer encoding	MLIST	www.openwall.com	Mailing List
USN-2650-1: wpa_supplicant and hostapd vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
oss-security - Re: CVE request: vulnerability in wpa_supplicant and hostapd	MLIST	www.openwall.com	Mailing List
openSUSE-SU-2015:1030-1: moderate: Recommended update for wpa_supplicant	SUSE	lists.opensuse.org	Third Party Advisory
Debian -- Security Information -- DSA-3397-1 wpa	DEBIAN	www.debian.org
w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt	CONFIRM	w1.fi	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

750549 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2059-1)
750557 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2053-1)