AVG-1626 log

Package wpa_supplicant
Status Fixed
Severity High
Type multiple issues
Affected 2:2.9-8
Fixed 2:2.10-1
Current 2:2.10-8 [core]
Ticket FS#69784
Created Sat Feb 27 09:07:13 2021
Issue Severity Remote Type Description
CVE-2021-30004 Medium Yes Signature forgery
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2021-27803 Medium Yes Arbitrary code execution
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result...
CVE-2021-0535 High No Privilege escalation
In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of...