AVG-1626 log
| Package | wpa_supplicant |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 2:2.9-8 |
| Fixed | 2:2.10-1 |
| Current | 2:2.11-2 [core] |
| Ticket | FS#69784 |
| Created | Sat Feb 27 09:07:13 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-30004 | Medium | Yes | Signature forgery | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. |
| CVE-2021-27803 | Medium | Yes | Arbitrary code execution | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result... |
| CVE-2021-0535 | High | No | Privilege escalation | In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of... |