Denial of service in wpa_supplicant



Published: 2015-11-10 | Updated: 2018-03-26
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2015-5316, CVE-2015-5315
CWE-ID: CWE-476, CWE-805
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: wpa_supplicant (Server applications / Encryption software)
Vendor: Jouni Malinen

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU11269

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5316

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the eap_pwd_perform_confirm_exchange function due to a NULL pointer dereference. A remote attacker can submit an EAP-pwd Confirm message prior to the Identity exchange and cause the service to crash.

Mitigation

Update to version 2.6.

Vulnerable software versions

wpa_supplicant: 2.0.0 - 2.5

External links

http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer access with incorrect length value

EUVDB-ID: #VU11270

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5315

CWE-ID: CWE-805 - Buffer Access with Incorrect Length Value

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the eap_pwd_process function due to missing last fragment length validation. A remote attacker can submit a large buffer fragment in an EAP-pwd message and cause the service to crash.
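
The class of check described above, as an added example that is not wpa_supplicant code: a simplified fragment reassembly routine that validates the length of every fragment, including the last one. The struct, the function names and the 65535-byte cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical reassembly state; names are illustrative, not wpa_supplicant's. */
struct frag_state {
    uint8_t *buf;  /* reassembly buffer sized from the announced total */
    size_t total;  /* total length announced with the first fragment */
    size_t pos;    /* bytes buffered so far (invariant: pos <= total) */
};
enum frag_result { FRAG_MORE, FRAG_COMPLETE, FRAG_REJECT };
static void frag_reset(struct frag_state *s)
{
    free(s->buf);
    memset(s, 0, sizeof(*s));
}

/* Start reassembly; the caller zero-initialises *s before first use. */
int frag_begin(struct frag_state *s, size_t total_len)
{
    frag_reset(s);
    if (total_len == 0 || total_len > 65535)  /* assumed upper bound */
        return -1;
    s->buf = malloc(total_len);
    s->total = s->buf ? total_len : 0;
    return s->buf ? 0 : -1;
}

/* The bounds check runs for every fragment, including the last one
 * (more == 0), so a final fragment cannot exceed the remaining space. */
enum frag_result frag_append(struct frag_state *s, const uint8_t *data,
                             size_t len, int more)
{
    if (s->buf == NULL || len > s->total - s->pos) {
        frag_reset(s);  /* drop the partial message */
        return FRAG_REJECT;
    }
    memcpy(s->buf + s->pos, data, len);
    s->pos += len;
    return more ? FRAG_MORE : FRAG_COMPLETE;
}

int main(void)
{
    struct frag_state s = {0};
    uint8_t frag[8] = {0};  /* constructed sample fragment */
    frag_begin(&s, 12);
    frag_append(&s, frag, 8, 1);
    return frag_append(&s, frag, 8, 0) == FRAG_REJECT ? 0 : 1;
}
```

Writing the comparison as `len > total - pos` rather than `pos + len > total` keeps it free of integer wrap-around for any `len`.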

Mitigation

Update to version 2.6.

Vulnerable software versions

wpa_supplicant: 2.0.0 - 2.5

External links

http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


