{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-22T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-2808-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2808-1"}, {"name": "DSA-3397", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2015/dsa-3397"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt"}, {"name": "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/10/10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5315", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2808-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2808-1"}, {"name": "DSA-3397", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2015/dsa-3397"}, {"name": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", "refsource": "CONFIRM", "url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt"}, {"name": "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/10/10"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:09.525Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2808-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2808-1"}, {"name": "DSA-3397", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2015/dsa-3397"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt"}, {"name": "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/11/10/10"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5315", "datePublished": "2018-02-21T16:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:09.525Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0920644-8B05-465C-A1BE-BAC6344D990E", "versionEndExcluding": "2.6", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message."}, {"lang": "es", "value": "La funci\u00f3n eap_pwd_process en eap_peer/eap_pwd.c en wpa_supplicant, en versiones 2.x anteriores a la 2.6, no valida que el b\u00fafer de reensamblaje sea lo bastante grande para el fragmento final cuando EAP-pwd est\u00e1 habilitado en un perfil de configuraci\u00f3n de red. Esto permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (finalizaci\u00f3n del proceso) mediante un fragmento final grande en un mensaje EAP-pwd."}], "id": "CVE-2015-5315", "lastModified": "2024-11-21T02:32:46.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-21T16:29:00.347", "references": [{"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/11/10/10"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.ubuntu.com/usn/USN-2808-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2015/dsa-3397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/11/10/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.ubuntu.com/usn/USN-2808-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2015/dsa-3397"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wpa_supplicant: EAP-pwd missing last fragment length validation", "id": "1278377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278377"}, "csaw": false, "cvss": {"cvss_base_score": "2.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-20", "details": ["The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message."], "name": "CVE-2015-5315", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-11-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5315\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5315\nhttp://w1.fi/security/2015-7/"], "statement": "Not vulnerable. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.", "threat_severity": "Low", "upstream_fix": "hostapd 2.6"}