CVE-2021-30004

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions wpa supplicant and hostapd version 2.9

Description The issue arises from the mishandling of AlgorithmIdentifier parameters in the tls/pkcs1.c and tls/x509v3.c files, potentially leading to forging attacks.

Recommendations For wpa supplicant and hostapd version 2.9, consider updating to a newer version that addresses the mishandling of AlgorithmIdentifier parameters in tls/pkcs1.c and tls/x509v3.c. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2022-1159

ALT-PU-2022-1160

ALT-PU-2022-1927

ALT-PU-2022-2423

ALT-PU-2023-1833

AZL-6974

CVE-2021-30004

MGASA-2021-0254

OPENSUSE-SU-2021:0519-1

OPENSUSE-SU-2021:0545-1

OPENSUSE-SU-2021:0563-1

OPENSUSE-SU-2021_0519-1

OPENSUSE-SU-2021_0563-1

OPENSUSE-SU-2024:10846-1

OPENSUSE-SU-2024:11515-1

ROSA-SA-2024-2517

SUSE-SU-2021:1125-1

SUSE-SU-2021:1166-1

SUSE-SU-2021_1125-1

SUSE-SU-2021_1166-1

Affected Products

Alt Linux

Debian

Suse

Hostapd

Wpa Supplicant

CVE-2021-30004

Weakness Enumeration

Related Identifiers

Affected Products

References · 48