CVE-2016-4476

Source
Severity Low
Remote Yes
Type Denial of service
Description
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation or through local configuration change over the wpa_supplicant control interface, the resulting configuration file may prevent the hostapd and wpa_supplicant from starting when the updated file is used.
Group Package Affected Fixed Severity Status Ticket
AVG-10 hostapd 2.5-2 2.6-1 High Fixed FS#49196
AVG-11 wpa_supplicant 1:2.5-3 1:2.6-1 High Fixed FS#49196
Date Advisory Group Package Severity Description
08 Oct 2016 ASA-201610-7 AVG-11 wpa_supplicant High multiple issues
04 Oct 2016 ASA-201610-3 AVG-10 hostapd High multiple issues
References
http://www.openwall.com/lists/oss-security/2016/05/03/2