| CVE-2021-30004 |
AVG-1626 |
Medium |
Yes |
Signature forgery |
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. |
| CVE-2021-27803 |
AVG-1626 |
Medium |
Yes |
Arbitrary code execution |
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result... |
| CVE-2021-0535 |
AVG-1626 |
High |
No |
Privilege escalation |
In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of... |
| CVE-2021-0326 |
AVG-1530 |
High |
Yes |
Arbitrary code execution |
A security issue was found in hostapd and wpa_supplicant version 2.9. A missing length check in the p2p_copy_client_info function could lead to a buffer overflow. |
| CVE-2018-14526 |
AVG-752 |
High |
Yes |
Information disclosure |
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked,... |
| CVE-2017-13088 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep... |
| CVE-2017-13087 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. |
| CVE-2017-13086 |
AVG-454 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. |
| CVE-2017-13084 |
AVG-452 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the short term key (STK) in the PeerKey handshake. |
| CVE-2017-13082 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key (PTK) while processing it. |
| CVE-2017-13081 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the group key handshake. |
| CVE-2017-13080 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the group key handshake. |
| CVE-2017-13079 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the integrity group key (IGTK) in the 4-way handshake. |
| CVE-2017-13078 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the group key (GTK) in the 4-way handshake. |
| CVE-2017-13077 |
AVG-447 |
High |
Yes |
Man-in-the-middle |
A vulnerability has been discovered that allows reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. |
| CVE-2016-4477 |
AVG-11 |
High |
No |
Privilege escalation |
The local configuration update through the control interface SET_NETWORK command could allow privilege escalation for the local user to run code from a... |
| CVE-2016-4476 |
AVG-11 |
Low |
Yes |
Denial of service |
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter... |