Arch Linux ASA-201510-2
Oct 05, 2015 - 12:00 a.m.

hostapd: denial of service

lists.archlinux.org

EPSS: 0.075 (Low), percentile 94.1%

  • CVE-2015-4141 (denial of service)

A vulnerability was found in the WPS UPnP function shared by hostapd
(WPS AP) and wpa_supplicant (WPS external registrar). This
may allow a possible denial of service attack through

  • CVE-2015-4142 (denial of service)

A vulnerability was found in WMM Action frame processing in a case where
hostapd or wpa_supplicant is used to implement AP mode MLME/SME
functionality (i.e., Host AP driver or a mac80211-based driver on
Linux). This vulnerability can be used to perform denial of service attacks by
an attacker that is within radio range of the AP that uses hostapd or
wpa_supplicant for MLME/SME operations.

  • CVE-2015-4143 (denial of service)

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0
through 2.4 allows remote attackers to cause a denial of service (out-of-bounds
read and crash) via a crafted (1) Commit or (2) Confirm message payload.

  • CVE-2015-4144 (denial of service)

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0
through 2.4 does not validate that a message is long enough to contain the
Total-Length field, which allows remote attackers to cause a denial of service
(crash) via a crafted message.

  • CVE-2015-4145 (denial of service)

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0
through 2.4 does not validate whether a fragment is already being processed,
which allows remote attackers to cause a denial of service (memory leak) via a
crafted message.

  • CVE-2015-4146 (denial of service)

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4
does not clear the L (Length) and M (More) flags before determining if a
response should be fragmented, which allows remote attackers to cause a denial
of service (crash) via a crafted message.
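
The length and fragment-state checks that CVE-2015-4144 and CVE-2015-4145 describe as missing, as an added example (not code from hostapd, wpa_supplicant or the advisory). It assumes the RFC 5931 EAP-pwd header layout (L and M flag bits, 6-bit PWD-Exch, optional 2-octet Total-Length); `pwd_parse_hdr`, `struct pwd_hdr` and the error names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* First EAP-pwd payload octet, per RFC 5931 (assumed layout). */
#define PWD_L_BIT     0x80  /* Total-Length field follows */
#define PWD_M_BIT     0x40  /* more fragments follow */
#define PWD_EXCH_MASK 0x3f  /* PWD-Exch: 1=ID, 2=Commit, 3=Confirm */

enum { PWD_OK = 0, PWD_TOO_SHORT = -1, PWD_DUP_START = -2, PWD_BAD_TOTAL = -3 };

struct pwd_hdr {
    uint8_t exch;          /* exchange type */
    int more;              /* M flag */
    size_t total_len;      /* 0 when the L flag is clear */
    const uint8_t *data;   /* payload after the header */
    size_t data_len;
};

/* Hypothetical helper: parse the bytes that follow the EAP Type octet.
 * reassembling is nonzero while an earlier fragmented message is buffered. */
int pwd_parse_hdr(const uint8_t *buf, size_t len, int reassembling,
                  struct pwd_hdr *out)
{
    if (buf == NULL || len < 1)
        return PWD_TOO_SHORT;
    const uint8_t *pos = buf + 1;
    size_t left = len - 1;
    out->exch = buf[0] & PWD_EXCH_MASK;
    out->more = (buf[0] & PWD_M_BIT) != 0;
    out->total_len = 0;
    if (buf[0] & PWD_L_BIT) {
        if (left < 2)          /* CVE-2015-4144: room for Total-Length? */
            return PWD_TOO_SHORT;
        if (reassembling)      /* CVE-2015-4145: fragment already in progress */
            return PWD_DUP_START;
        out->total_len = ((size_t)pos[0] << 8) | pos[1];
        pos += 2; left -= 2;
        if (left > out->total_len)  /* extra sanity check added in this example */
            return PWD_BAD_TOTAL;
    }
    out->data = pos;
    out->data_len = left;
    return PWD_OK;
}

int main(void)
{   /* Constructed sample: L set, Commit, Total-Length cut to one octet. */
    const uint8_t cut[] = { 0x82, 0x00 };
    struct pwd_hdr h;
    return pwd_parse_hdr(cut, sizeof cut, 0, &h) == PWD_TOO_SHORT ? 0 : 1;
}
```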

OS   Version  Architecture  Package  Version  Filename
any  any      any           hostapd  < 2.5-1  UNKNOWN