Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-5316

Опубликовано: 21 фев. 2018
Источник: debian

Описание

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
wpafixed2.3-2.3package
wpanot-affectedwheezypackage
wpasupplicantnot-affectedpackage
hostapdnot-affectedpackage

Примечания

  • http://w1.fi/security/2015-8/

  • https://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt

  • https://w1.fi/security/2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch

Связанные уязвимости

ubuntu логотип

CVE-2015-5316

CVSS3: 5.9
ubuntu
почти 8 лет назад

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.

redhat логотип

CVE-2015-5316

redhat
около 10 лет назад

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.

nvd логотип

CVE-2015-5316

CVSS3: 5.9
nvd
почти 8 лет назад

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.

github логотип

GHSA-6mw8-f5p4-3j6f

CVSS3: 5.9
github
больше 3 лет назад

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.