[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-1863Date: (C)2015-05-11   (M)2023-12-22


Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 6.5
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1032192
http://www.securityfocus.com/archive/1/535353/100/0/threaded
http://seclists.org/fulldisclosure/2015/Apr/82
BID-74296
DSA-3233
GLSA-201606-17
RHSA-2015:1090
USN-2577-1
http://packetstormsecurity.com/files/131598/Android-wpa_supplicant-Heap-Overflow.html
http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19
http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
openSUSE-SU-2015:0813

CPE    16
cpe:/o:opensuse:opensuse:13.1
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/a:w1.fi:wpa_supplicant:2.2
cpe:/a:w1.fi:wpa_supplicant:2.1
...
CWE    1
CWE-119
OVAL    9
oval:org.secpod.oval:def:108789
oval:org.secpod.oval:def:1501035
oval:org.secpod.oval:def:109373
oval:org.secpod.oval:def:108854
...

© SecPod Technologies