Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 May 2015 15:15:07 +0300
From: Solar Designer <>
Cc: Jouni Malinen <>
Subject: Re: CVE request: vulnerability in wpa_supplicant and hostapd

On Thu, May 07, 2015 at 01:58:27PM +0200, Martin Prpic wrote:
> Hi, I don't see a CVE assigned for this anywhere:
> "EAP-pwd missing payload length validation
> A vulnerability was found in EAP-pwd server and peer implementation used
> in hostapd and wpa_supplicant, respectively. The EAP-pwd/Commit and
> EAP-pwd/Confirm message payload is processed without verifying that the
> received frame is long enough to include all the fields. This results in
> buffer read overflow of up to couple of hundred bytes."
> Patches are included in:

There are currently 5 sets of advisories+patches at:

These are numbered 2014-1, 2015-[1234].  Out of them, it appears that
only 2014-1 (CVE-2014-3686) and 2015-1 (CVE-2015-1863) have been on
oss-security so far:

I haven't looked into this closely, but maybe Martin's request should
be for 2015-[234] rather than only for 2015-4.

And I'd like to see the full advisories posted in here so that they are
preserved in the list archives, unless there's a reason not to.  Jouni?


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ