
CVE-2016-4477

Published: 02 May 2016
Source: redhat
CVSS3: 7
CVSS2: 4.4
EPSS: Low

Description

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | wpa_supplicant | Will not fix | | |
| Red Hat Enterprise Linux 6 | wpa_supplicant | Will not fix | | |
| Red Hat Enterprise Linux 7 | wpa_supplicant | Will not fix | | |


Additional information

Status: Moderate
Defect: CWE-88
https://bugzilla.redhat.com/show_bug.cgi?id=1332423 wpa_supplicant: local configuration update allows privilege escalation

EPSS: 0.0013 (Low), percentile: 33%
CVSS3: 7 High
CVSS2: 4.4 Medium

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 9 years ago

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.

CVSS3: 7.8
nvd
more than 9 years ago

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.

CVSS3: 7.8
debian
more than 9 years ago

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters ...

CVSS3: 7.8
github
more than 3 years ago

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
