Lucene search

[email protected]CVE-2015-1863

HistoryApr 28, 2015 - 2:59 p.m.

CVE-2015-1863

2015-04-2814:59:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-1863

wpa_supplicant

buffer overflow

denial of service

remote attackers

memory read

arbitrary code execution

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.03

Percentile

90.9%

JSON

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

Node

w1.fiwpa_supplicantMatch1.0

w1.fiwpa_supplicantMatch1.1

w1.fiwpa_supplicantMatch2.0

w1.fiwpa_supplicantMatch2.1

w1.fiwpa_supplicantMatch2.2

w1.fiwpa_supplicantMatch2.3

w1.fiwpa_supplicantMatch2.4

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

VendorProductVersionCPE
canonicalubuntu_linux14.10cpe:/o:canonical:ubuntu_linux:14.10:::
canonicalubuntu_linux15.04cpe:/o:canonical:ubuntu_linux:15.04:::
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04::lts:

Vendor	Product	Version	CPE
canonical	ubuntu_linux	14.10	cpe:/o:canonical:ubuntu_linux:14.10:::
canonical	ubuntu_linux	15.04	cpe:/o:canonical:ubuntu_linux:15.04:::
canonical	ubuntu_linux	14.04	cpe:/o:canonical:ubuntu_linux:14.04::lts: