CVE-2015-4142

Published on: 06/15/2015 12:00:00 AM UTC

Last Modified on: 05/17/2022 07:15:00 AM UTC

CVE-2015-4142

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
AV:N/AC:M/Au:N/C:N/I:N/A:P

Certain versions of Opensuse from Opensuse contain the following vulnerability:

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

CVSS2 Score: 4.3 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
hostapd and wpa_supplicant: Multiple vulnerabilities (GLSA 201606-17) — Gentoo Security Third Party Advisory
security.gentoo.org
text/html
 URL Logo GENTOO GLSA-201606-17
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2015:1439
About the security content of iOS 15.5 and iPadOS 15.5 - Apple Support support.apple.com
text/html
 URL Logo CONFIRM support.apple.com/kb/HT213258
[SECURITY] Fedora 21 Update: wpa_supplicant-2.0-17.fc21 lists.fedoraproject.org
text/html
 URL Logo FEDORA FEDORA-2015-cfea96144a
USN-2650-1: wpa_supplicant and hostapd vulnerabilities | Ubuntu www.ubuntu.com
text/html
 URL Logo UBUNTU USN-2650-1
Red Hat Customer Portal Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2015:1090
oss-security - CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing www.openwall.com
text/html
 URL Logo MLIST [oss-security] 20150509 CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing
oss-security - Re: CVE request: vulnerability in wpa_supplicant and hostapd www.openwall.com
text/html
 URL Logo MLIST [oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd
[SECURITY] Fedora 23 Update: wpa_supplicant-2.4-6.fc23 lists.fedoraproject.org
text/html
 URL Logo FEDORA FEDORA-2015-6f16b5e39e
openSUSE-SU-2015:1030-1: moderate: Recommended update for wpa_supplicant Third Party Advisory
lists.opensuse.org
text/html
 URL Logo SUSE openSUSE-SU-2015:1030
Full Disclosure: APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5 seclists.org
text/html
 URL Logo FULLDISC 20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
wpa_supplicant Integer Overflow in Processing WMM Action Frames Lets Remote Users - SecurityTracker www.securitytracker.com
text/html
 URL Logo SECTRACK 1032625
[SECURITY] Fedora 22 Update: wpa_supplicant-2.4-7.fc22 lists.fedoraproject.org
text/html
 URL Logo FEDORA FEDORA-2015-1521e91178
Debian -- Security Information -- DSA-3397-1 wpa www.debian.org
Depreciated Link
text/html
 URL Logo DEBIAN DSA-3397
Vendor Advisory
w1.fi
text/plain
 URL Logo CONFIRM w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 610416 Apple iOS 15.5 and iPadOS 15.5 Security Update Missing (HT213258)
  • 750549 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2059-1)
  • 750557 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2053-1)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System		OpensuseOpensuse13.1AllAllAll
Operating
System		OpensuseOpensuse13.2AllAllAll
Operating
System		OpensuseOpensuse13.1AllAllAll
Operating
System		OpensuseOpensuse13.2AllAllAll
Operating
System		RedhatEnterprise Linux Desktop6.0AllAllAll
Operating
System		RedhatEnterprise Linux Desktop6.0AllAllAll
Operating
System		RedhatEnterprise Linux Hpc Node6.0AllAllAll
Operating
System		RedhatEnterprise Linux Hpc Node6.0AllAllAll
Operating
System		RedhatEnterprise Linux Server6.0AllAllAll
Operating
System		RedhatEnterprise Linux Server6.0AllAllAll
Operating
System		RedhatEnterprise Linux Workstation6.0AllAllAll
Operating
System		RedhatEnterprise Linux Workstation6.0AllAllAll
ApplicationW1.fiHostapd0.7.0AllAllAll
ApplicationW1.fiHostapd0.7.1AllAllAll
ApplicationW1.fiHostapd0.7.2AllAllAll
ApplicationW1.fiHostapd0.7.3AllAllAll
ApplicationW1.fiHostapd1.0AllAllAll
ApplicationW1.fiHostapd1.1AllAllAll
ApplicationW1.fiHostapd2.0AllAllAll
ApplicationW1.fiHostapd2.1AllAllAll
ApplicationW1.fiHostapd2.2AllAllAll
ApplicationW1.fiHostapd2.3AllAllAll
ApplicationW1.fiHostapd2.4AllAllAll
ApplicationW1.fiHostapd0.7.0AllAllAll
ApplicationW1.fiHostapd0.7.1AllAllAll
ApplicationW1.fiHostapd0.7.2AllAllAll
ApplicationW1.fiHostapd0.7.3AllAllAll
ApplicationW1.fiHostapd1.0AllAllAll
ApplicationW1.fiHostapd1.1AllAllAll
ApplicationW1.fiHostapd2.0AllAllAll
ApplicationW1.fiHostapd2.1AllAllAll
ApplicationW1.fiHostapd2.2AllAllAll
ApplicationW1.fiHostapd2.3AllAllAll
ApplicationW1.fiHostapd2.4AllAllAll
ApplicationW1.fiWpa Supplicant0.7.0AllAllAll
ApplicationW1.fiWpa Supplicant0.7.1AllAllAll
ApplicationW1.fiWpa Supplicant0.7.2AllAllAll
ApplicationW1.fiWpa Supplicant0.7.3AllAllAll
ApplicationW1.fiWpa Supplicant1.0AllAllAll
ApplicationW1.fiWpa Supplicant1.1AllAllAll
ApplicationW1.fiWpa Supplicant2.0AllAllAll
ApplicationW1.fiWpa Supplicant2.1AllAllAll
ApplicationW1.fiWpa Supplicant2.2AllAllAll
ApplicationW1.fiWpa Supplicant2.3AllAllAll
ApplicationW1.fiWpa Supplicant2.4AllAllAll
ApplicationW1.fiWpa Supplicant0.7.0AllAllAll
ApplicationW1.fiWpa Supplicant0.7.1AllAllAll
ApplicationW1.fiWpa Supplicant0.7.2AllAllAll
ApplicationW1.fiWpa Supplicant0.7.3AllAllAll
ApplicationW1.fiWpa Supplicant1.0AllAllAll
ApplicationW1.fiWpa Supplicant1.1AllAllAll
ApplicationW1.fiWpa Supplicant2.0AllAllAll
ApplicationW1.fiWpa Supplicant2.1AllAllAll
ApplicationW1.fiWpa Supplicant2.2AllAllAll
ApplicationW1.fiWpa Supplicant2.3AllAllAll
ApplicationW1.fiWpa Supplicant2.4AllAllAll
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Reddit Logo Icon /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW 2022-05-17 13:11:14
Reddit Logo Icon /r/k12cybersecurity UPDATED MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW 2022-05-18 14:59:44
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report