AVG-1626 log
Package | wpa_supplicant |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 2:2.9-8 |
Fixed | 2:2.10-1 |
Current | 2:2.11-2 [core] |
Ticket | FS#69784 |
Created | Sat Feb 27 09:07:13 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-30004 | Medium | Yes | Signature forgery | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. |
CVE-2021-27803 | Medium | Yes | Arbitrary code execution | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result... |
CVE-2021-0535 | High | No | Privilege escalation | In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of... |