CVE-2015-8041

Name of the Vulnerable Software and Affected Versions hostapd versions prior to 2.5 wpa supplicant versions prior to 2.5

Description The issue is related to multiple integer overflows in the NDEF record parser, which can be exploited by remote attackers to cause a denial of service, such as a process crash or infinite loop. This can be achieved by sending a large payload length field value in a WPS or P2P NFC NDEF record, resulting in an out-of-bounds read. The exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service by setting too large values in the WPS or P2P NFC NDEF fields.

Recommendations For hostapd versions prior to 2.5, update to version 2.5 or later to resolve the issue. For wpa supplicant versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to WPS and P2P NFC NDEF records to minimize the risk of exploitation.