hostapd

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Version 2.11-4 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1762 2.9-4 2.9-5 Medium Fixed FS#70260
AVG-1322 2.9-3 2.9-4 Medium Fixed FS#68861
AVG-453 2.5-1 2.6-1 High Fixed
AVG-451 2.6-5 High Not affected
AVG-448 2.6-5 2.6-6 High Fixed
AVG-10 2.5-2 2.6-1 High Fixed FS#49196
Issue Group Severity Remote Type Description
CVE-2021-30004 AVG-1762 Medium Yes Signature forgery
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2020-12695 AVG-1322 Medium Yes Proxy injection
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a...
CVE-2017-13088 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep...
CVE-2017-13087 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13086 AVG-453 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13084 AVG-451 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake.
CVE-2017-13082 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it.
CVE-2017-13081 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13080 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13079 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13078 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13077 AVG-448 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2016-4477 AVG-10 High No Privilege escalation
The local configuration update through the control interface SET_NETWORK command could allow privilege escalation for the local user to run code from a...
CVE-2016-4476 AVG-10 Low Yes Denial of service
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter...

Advisories

Date Advisory Group Severity Type
09 Dec 2020 ASA-202012-16 AVG-1322 Medium proxy injection
16 Oct 2017 ASA-201710-23 AVG-448 High man-in-the-middle
04 Oct 2016 ASA-201610-3 AVG-10 High multiple issues