wpa_supplicant

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A utility providing key negotiation for WPA wireless networks
Version 2:2.10-5 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1626 2:2.9-8 2:2.10-1 High Fixed FS#69784
AVG-1530 2:2.9-7 2:2.9-8 High Fixed FS#69525
AVG-752 1:2.6-11 1:2.6-12 High Fixed
AVG-454 1:2.5-1 1:2.6-1 High Fixed
AVG-452 1:2.6-10 High Not affected
AVG-447 1:2.6-10 1:2.6-11 High Fixed
AVG-11 1:2.5-3 1:2.6-1 High Fixed FS#49196
Issue Group Severity Remote Type Description
CVE-2021-30004 AVG-1626 Medium Yes Signature forgery
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2021-27803 AVG-1626 Medium Yes Arbitrary code execution
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result...
CVE-2021-0535 AVG-1626 High No Privilege escalation
In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of...
CVE-2021-0326 AVG-1530 High Yes Arbitrary code execution
A security issue was found in hostapd and wpa_supplicant version 2.9. A missing length check in the p2p_copy_client_info function could lead to a buffer overflow.
CVE-2018-14526 AVG-752 High Yes Information disclosure
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked,...
CVE-2017-13088 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep...
CVE-2017-13087 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13086 AVG-454 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13084 AVG-452 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake.
CVE-2017-13082 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it.
CVE-2017-13081 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13080 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13079 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13078 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13077 AVG-447 High Yes Man-in-the-middle
A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2016-4477 AVG-11 High No Privilege escalation
The local configuration update through the control interface SET_NETWORK command could allow privilege escalation for the local user to run code from a...
CVE-2016-4476 AVG-11 Low Yes Denial of service
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter...

Advisories

Date Advisory Group Severity Type
12 Feb 2021 ASA-202102-25 AVG-1530 High arbitrary code execution
16 Oct 2017 ASA-201710-22 AVG-447 High man-in-the-middle
08 Oct 2016 ASA-201610-7 AVG-11 High multiple issues