Vulnerabilities > W1 FI > WPA Supplicant > 2.0.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-9495 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. | 3.7 |
| 2019-04-17 | CVE-2019-9494 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. | 5.9 |
| 2018-08-08 | CVE-2018-14526 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. | 3.3 |
| 2018-02-21 | CVE-2015-5316 | NULL Pointer Dereference vulnerability in multiple products The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange. | 4.3 |
| 2018-02-21 | CVE-2015-5315 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. | 4.3 |
| 2018-02-21 | CVE-2015-5314 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message. | 4.3 |
| 2017-08-28 | CVE-2015-0210 | Improper Certificate Validation vulnerability in W1.Fi WPA Supplicant 2.016 wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | 4.3 |
| 2016-05-09 | CVE-2016-4476 | Improper Input Validation vulnerability in multiple products hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. | 5.0 |
| 2015-11-09 | CVE-2015-8041 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. | 5.0 |