Описание
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
A flaw was found in wpa_supplicant, in the way it handled digest algorithm parameters when validating a signature. This flaw could be exploited to perform potential forging attacks. The highest threat from this vulnerability is to data integrity.
Отчет
This issue only affects the "internal" TLS implementation. The versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6, 7, and 8 are not affected by this flaw, as they use the OpenSSL implementation by default. More specifically, the CONFIG_TLS=internal flag is not set at compile time.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wpa_supplicant | Not affected | ||
| Red Hat Enterprise Linux 7 | wpa_supplicant | Not affected | ||
| Red Hat Enterprise Linux 8 | wpa_supplicant | Not affected | ||
| Red Hat Enterprise Linux 9 | wpa_supplicant | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...
EPSS
5.3 Medium
CVSS3