CVE-2015-4141

EPSS 1.5%

wpa - security update

Published: 6/15/2015Modified: 3/9/2026

Also known as:DSA-3397-1DEBIAN-CVE-2015-4141

Description

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.

Affected packages (2)

Debian/wpafrom 0, < 2.3-2.2
Debian/wpafrom 0, < 1.0-3+deb7u3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-4141