CVE-2015-4142

Published on: 06/15/2015 12:00:00 AM UTC

Last Modified on: 05/17/2022 07:15:00 AM UTC

AV:N/AC:M/Au:N/C:N/I:N/A:P

Certain versions of openSUSE contain the following vulnerability:

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

  • GENTOO GLSA-201606-17: hostapd and wpa_supplicant: Multiple vulnerabilities (GLSA 201606-17) — Gentoo Security. Tags: Third Party Advisory. Link: security.gentoo.org
  • REDHAT RHSA-2015:1439: Red Hat Customer Portal. Link: web.archive.org (inactive link, not archived)
  • CONFIRM support.apple.com/kb/HT213258: About the security content of iOS 15.5 and iPadOS 15.5 - Apple Support. Link: support.apple.com
  • FEDORA FEDORA-2015-cfea96144a: [SECURITY] Fedora 21 Update: wpa_supplicant-2.0-17.fc21. Link: lists.fedoraproject.org
  • UBUNTU USN-2650-1: USN-2650-1: wpa_supplicant and hostapd vulnerabilities | Ubuntu. Link: www.ubuntu.com
  • REDHAT RHSA-2015:1090: Red Hat Customer Portal. Tags: Third Party Advisory. Link: web.archive.org (inactive link, not archived)
  • MLIST [oss-security] 20150509 CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing: oss-security - CVE request: hostapd/wpa_supplicant - Integer underflow in AP mode WMM Action frame processing. Link: www.openwall.com
  • MLIST [oss-security] 20150531 Re: CVE request: vulnerability in wpa_supplicant and hostapd: oss-security - Re: CVE request: vulnerability in wpa_supplicant and hostapd. Link: www.openwall.com
  • FEDORA FEDORA-2015-6f16b5e39e: [SECURITY] Fedora 23 Update: wpa_supplicant-2.4-6.fc23. Link: lists.fedoraproject.org
  • SUSE openSUSE-SU-2015:1030: openSUSE-SU-2015:1030-1: moderate: Recommended update for wpa_supplicant. Tags: Third Party Advisory. Link: lists.opensuse.org
  • FULLDISC 20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5: Full Disclosure: APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5. Link: seclists.org
  • SECTRACK 1032625: wpa_supplicant Integer Overflow in Processing WMM Action Frames Lets Remote Users - SecurityTracker. Link: www.securitytracker.com
  • FEDORA FEDORA-2015-1521e91178: [SECURITY] Fedora 22 Update: wpa_supplicant-2.4-7.fc22. Link: lists.fedoraproject.org
  • DEBIAN DSA-3397: Debian -- Security Information -- DSA-3397-1 wpa. Link: www.debian.org (deprecated link)
  • CONFIRM w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt: Tags: Vendor Advisory. Link: w1.fi

Related QID Numbers

  • 610416 Apple iOS 15.5 and iPadOS 15.5 Security Update Missing (HT213258)
  • 750549 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2059-1)
  • 750557 OpenSUSE Security Update for wpa_supplicant (openSUSE-SU-2020:2053-1)

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Hpc Node | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Application | W1.fi | Hostapd | 0.7.0 | All | All | All |
| Application | W1.fi | Hostapd | 0.7.1 | All | All | All |
| Application | W1.fi | Hostapd | 0.7.2 | All | All | All |
| Application | W1.fi | Hostapd | 0.7.3 | All | All | All |
| Application | W1.fi | Hostapd | 1.0 | All | All | All |
| Application | W1.fi | Hostapd | 1.1 | All | All | All |
| Application | W1.fi | Hostapd | 2.0 | All | All | All |
| Application | W1.fi | Hostapd | 2.1 | All | All | All |
| Application | W1.fi | Hostapd | 2.2 | All | All | All |
| Application | W1.fi | Hostapd | 2.3 | All | All | All |
| Application | W1.fi | Hostapd | 2.4 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.7.0 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.7.1 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.7.2 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 0.7.3 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 1.0 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 1.1 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.0 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.1 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.2 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.3 | All | All | All |
| Application | W1.fi | Wpa Supplicant | 2.4 | All | All | All |

  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*