Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor W1.fi Subscribe
Filtered by product Hostapd
Total 38 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4445 1 W1.fi 1 Hostapd 2023-02-12 4.3 MEDIUM N/A
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.
CVE-2019-5061 1 W1.fi 1 Hostapd 2022-06-17 3.3 LOW 6.5 MEDIUM
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
CVE-2019-5062 1 W1.fi 1 Hostapd 2022-06-17 3.3 LOW 6.5 MEDIUM
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.
CVE-2015-4142 3 Opensuse, Redhat, W1.fi 7 Opensuse, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more 2022-05-17 4.3 MEDIUM N/A
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
CVE-2019-13377 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2022-04-18 4.3 MEDIUM 5.9 MEDIUM
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
CVE-2022-23303 2 Fedoraproject, W1.fi 3 Fedora, Hostapd, Wpa Supplicant 2022-02-28 6.8 MEDIUM 9.8 CRITICAL
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
CVE-2022-23304 2 Fedoraproject, W1.fi 3 Fedora, Hostapd, Wpa Supplicant 2022-02-28 6.8 MEDIUM 9.8 CRITICAL
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
CVE-2019-10064 2 Debian, W1.fi 2 Debian Linux, Hostapd 2022-01-01 5.0 MEDIUM 7.5 HIGH
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
CVE-2019-9495 6 Debian, Fedoraproject, Freebsd and 3 more 9 Debian Linux, Fedora, Freebsd and 6 more 2021-11-03 4.3 MEDIUM 3.7 LOW
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVE-2019-9494 5 Fedoraproject, Freebsd, Opensuse and 2 more 8 Fedora, Freebsd, Backports Sle and 5 more 2021-11-03 4.3 MEDIUM 5.9 MEDIUM
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
CVE-2020-12695 18 Asus, Broadcom, Canon and 15 more 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more 2021-04-22 7.8 HIGH 7.5 HIGH
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2021-30004 1 W1.fi 2 Hostapd, Wpa Supplicant 2021-04-07 5.0 MEDIUM 5.3 MEDIUM
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2017-13080 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2020-11-10 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2019-9499 6 Debian, Fedoraproject, Freebsd and 3 more 9 Debian Linux, Fedora, Freebsd and 6 more 2020-10-22 6.8 MEDIUM 8.1 HIGH
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVE-2019-9498 6 Debian, Fedoraproject, Freebsd and 3 more 9 Debian Linux, Fedora, Freebsd and 6 more 2020-10-22 6.8 MEDIUM 8.1 HIGH
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVE-2019-16275 3 Canonical, Debian, W1.fi 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more 2020-08-24 3.3 LOW 6.5 MEDIUM
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
CVE-2016-4476 2 Canonical, W1.fi 3 Ubuntu Linux, Hostapd, Wpa Supplicant 2020-08-12 5.0 MEDIUM 7.5 HIGH
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
CVE-2017-13087 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-02 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13077 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-02 5.4 MEDIUM 6.8 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2017-13078 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-02 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.