PT-2015-2755 · Hostap+3 · Hostapd+3

Published

2015-11-09

·

Updated

2024-06-15

·

CVE-2015-8041

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions hostapd versions prior to 2.5 wpa supplicant versions prior to 2.5
Description The issue is related to multiple integer overflows in the NDEF record parser, which can be exploited by remote attackers to cause a denial of service, such as a process crash or infinite loop. This can be achieved by sending a large payload length field value in a WPS or P2P NFC NDEF record, resulting in an out-of-bounds read. The exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service by setting too large values in the WPS or P2P NFC NDEF fields.
Recommendations For hostapd versions prior to 2.5, update to version 2.5 or later to resolve the issue. For wpa supplicant versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to WPS and P2P NFC NDEF records to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2016-1915
ALT-PU-2016-1916
BDU:2015-12120
CVE-2015-8041
DSA-3397-1
OPENSUSE-SU-2020:2053-1
OPENSUSE-SU-2020:2059-1
OPENSUSE-SU-2020_2053-1
OPENSUSE-SU-2020_2059-1
OPENSUSE-SU-2024:11515-1
SUSE-SU-2016:2305-1
SUSE-SU-2020:3380-1
SUSE-SU-2020:3424-1
SUSE-SU-2020_3424-1
SUSE-SU-2022:1853-1
SUSE-SU-2022_1853-1

Affected Products

Alt Linux
Suse
Hostapd
Wpa Supplicant