CVE-2021-0326 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	A security issue was found in hostapd and wpa_supplicant version 2.9. A missing length check in the p2p_copy_client_info function could lead to a buffer overflow.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1530	wpa_supplicant	2:2.9-7	2:2.9-8	High	Fixed	FS#69525

Date	Advisory	Group	Package	Severity	Type
12 Feb 2021	ASA-202102-25	AVG-1530	wpa_supplicant	High	arbitrary code execution

References
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269 https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e

References

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e

Notes
Workaround ========== The issue can be mitigated by disabling P2P, using the control interface command "P2P_SET disabled 1" or "p2p_disabled=1" in (each, if multiple interfaces used) wpa_supplicant configuration file.

Notes

Workaround
==========

The issue can be mitigated by disabling P2P, using the control interface command "P2P_SET disabled 1" or "p2p_disabled=1" in (each, if multiple interfaces used) wpa_supplicant configuration file.