CVE-2016-4476 : denial of service via crafted WPA/WPA2 passphrase parameter. wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service via a crafted WPS operation.