NVD

Id
28385  
Name
CVE-2015-8041  
Description
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-11-09  
Modified Date
2016-11-28  
Seq
2015-8041  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
149213 28385 CVE-2015-8041 openSUSE-SU-2015:1912  View
149214 28385 CVE-2015-8041 openSUSE-SU-2015:1920  View
149215 28385 CVE-2015-8041 http://w1.fi/security/2015-5/incomplete-wps-and-p2p-nfc-ndef-record-payload-length-validation.txt  View
149216 28385 CVE-2015-8041 [oss-security] 20150708 hostapd/wpa_supplicant - Incomplete WPS and P2P NFC NDEF record payload length validation  View
149217 28385 CVE-2015-8041 75604  View
149218 28385 CVE-2015-8041 https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog  View
149219 28385 CVE-2015-8041 https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
10508 JVNDB-2015-005828 hostapd および wpa_supplicant の NDEF レコードパーサにおける整数オーバーフローの脆弱性 hostapd および wpa_supplicant の NDEF レコードパーサには、整数オーバーフローの脆弱性が存在します。 CVE-2015-8041 85266 CVE-2015-8041 28385 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005828.html 2015-09-27 2015-11-11 View