1. Home
  2. CVE Database
  3. CVE-2015-4142
MEDIUM · 4.3

CVE-2015-4142

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a den...

Vulnerability Description

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
W1.FiWpa Supplicant0.7.0
RedhatEnterprise Linux Desktop6.0
RedhatEnterprise Linux Hpc Node6.0
RedhatEnterprise Linux Server6.0
RedhatEnterprise Linux Workstation6.0
W1.FiHostapd0.7.0
OpensuseOpensuse13.1

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-4142?

CVE-2015-4142 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a den...

How severe is CVE-2015-4142?

CVE-2015-4142 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4142?

Check the references section above for vendor advisories and patch information. Affected products include: W1.Fi Wpa Supplicant, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.