| purl | pkg:ebuild/net-wireless/wpa_supplicant@2.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7y9t-7akx-afg7 | The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. | CVE-2015-4141 |
| VCID-c1uc-msuh-bbgq | The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message. | CVE-2015-4145 |
| VCID-fwsj-n5rh-53h1 | Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. | CVE-2015-4142 |
| VCID-kyvg-q58s-cfff | The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message. | CVE-2015-4144 |
| VCID-mwc1-rpqz-uqcj | The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. | CVE-2015-4143 |
| VCID-s7gm-17ms-53fd | The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. | CVE-2015-4146 |
| VCID-ttwt-unqp-mbec | wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | CVE-2014-3686 |
| VCID-uyg6-fyc7-fqf5 | Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. | CVE-2015-1863 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-05T17:28:47.881025+00:00 | Gentoo Importer | Fixing | VCID-s7gm-17ms-53fd | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |
| 2026-06-05T17:28:47.844303+00:00 | Gentoo Importer | Fixing | VCID-c1uc-msuh-bbgq | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |
| 2026-06-05T17:28:47.807272+00:00 | Gentoo Importer | Fixing | VCID-kyvg-q58s-cfff | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |
| 2026-06-05T17:28:47.772817+00:00 | Gentoo Importer | Fixing | VCID-mwc1-rpqz-uqcj | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |
| 2026-06-05T17:28:47.740061+00:00 | Gentoo Importer | Fixing | VCID-fwsj-n5rh-53h1 | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |
| 2026-06-05T17:28:47.704391+00:00 | Gentoo Importer | Fixing | VCID-7y9t-7akx-afg7 | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |
| 2026-06-05T17:28:47.667372+00:00 | Gentoo Importer | Fixing | VCID-uyg6-fyc7-fqf5 | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |
| 2026-06-05T17:28:47.594661+00:00 | Gentoo Importer | Fixing | VCID-ttwt-unqp-mbec | https://security.gentoo.org/glsa/201606-17 | 38.6.0 |