CVE-2015-4145

Name of the Vulnerable Software and Affected Versions hostapd and wpa supplicant versions 1.0 through 2.4

Description The issue concerns the EAP-pwd server and peer implementation, which fails to validate if a fragment is already being processed. This allows remote attackers to cause a denial of service, specifically a memory leak, by sending a crafted message. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For hostapd and wpa supplicant versions 1.0 through 2.4, consider applying a patch or update that addresses the EAP-pwd server and peer implementation issue to prevent the denial of service caused by the memory leak. At the moment, there is no information about a newer version that contains a fix for this vulnerability.