sulinoswpa_supplicant-2.9: 7 vulnerabilities (highest severity is: 9.8) #12

Open
mend-for-github-com bot opened this issue Nov 16, 2023 · 0 comments
Labels
Mend: dependency security vulnerability Security vulnerability detected by Mend

mend-for-github-com bot commented Nov 16, 2023

Vulnerable Library - sulinoswpa_supplicant-2.9

Independent distro uses inary package system. Sulin is rolling donkey

Library home page: https://sourceforge.net/projects/sulinos/

Vulnerable Source Files (1)

/vendor/hostapd-2.9/src/p2p/p2p_pd.c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (sulinoswpa_supplicant version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-0516 | Critical | 9.8 | sulinoswpa_supplicant-2.9 | Direct | android-11.0.0_r38 | |
| CVE-2021-38185 | High | 7.8 | detected in multiple dependencies | Direct | cpio - 2.13+dfsg-5 | |
| CVE-2021-27803 | High | 7.5 | sulinoswpa_supplicant-2.9 | Direct | wpa_supplicant - 2.6-12,2.9-2,2.7-2,2.9-2,2.9-2,2.9-2,2.9-2,2.6-12,2.7-2,2.9-2,2.7-2,2.9-2,2.6-12,2.9-2,2.9-2,2.7-2,2.6-12,2.9-2,2.7-2;wpa_supplicant-debugsource - 2.7-2,2.9-2,2.9-2;wpa_supplicant-debuginfo - 2.9-2,2.9-2,2.6-12,2.7-2 | |
| CVE-2019-14866 | High | 7.3 | sulinoswpa_supplicant-2.9 | Direct | release_2_13 | |
| CVE-2023-52160 | Medium | 6.5 | detected in multiple dependencies | Direct | 8e6485a1bcb0baffdea9e55255a81270b768439c | |
| CVE-2021-30004 | Medium | 5.3 | detected in multiple dependencies | Direct | wpa-supplicant - 2.9 | |
| CVE-2023-7207 | Medium | 4.9 | sulinoswpa_supplicant-2.9 | Direct | v2.14 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-0516

Vulnerable Library - sulinoswpa_supplicant-2.9

Independent distro uses inary package system. Sulin is rolling donkey

Library home page: https://sourceforge.net/projects/sulinos/

Found in base branch: main

Vulnerable Source Files (1)

/vendor/hostapd-2.9/src/p2p/p2p_pd.c

Vulnerability Details

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-181660448

Publish Date: 2021-06-21

URL: CVE-2021-0516

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://source.android.com/security/bulletin/2021-06-01

Release Date: 2021-06-21

Fix Resolution: android-11.0.0_r38

CVE-2021-38185

Vulnerable Libraries - sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9

Vulnerability Details

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.

Publish Date: 2021-08-08

URL: CVE-2021-38185

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-38185

Release Date: 2021-08-08

Fix Resolution: cpio - 2.13+dfsg-5

CVE-2021-27803

Vulnerable Library - sulinoswpa_supplicant-2.9

Independent distro uses inary package system. Sulin is rolling donkey

Library home page: https://sourceforge.net/projects/sulinos/

Found in base branch: main

Vulnerable Source Files (1)

/vendor/hostapd-2.9/src/p2p/p2p_pd.c

Vulnerability Details

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

Publish Date: 2021-02-26

URL: CVE-2021-27803

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-27803

Release Date: 2021-02-26

Fix Resolution: wpa_supplicant - 2.6-12,2.9-2,2.7-2,2.9-2,2.9-2,2.9-2,2.9-2,2.6-12,2.7-2,2.9-2,2.7-2,2.9-2,2.6-12,2.9-2,2.9-2,2.7-2,2.6-12,2.9-2,2.7-2;wpa_supplicant-debugsource - 2.7-2,2.9-2,2.9-2;wpa_supplicant-debuginfo - 2.9-2,2.9-2,2.6-12,2.7-2

CVE-2019-14866

Vulnerable Library - sulinoswpa_supplicant-2.9

Independent distro uses inary package system. Sulin is rolling donkey

Library home page: https://sourceforge.net/projects/sulinos/

Found in base branch: main

Vulnerable Source Files (1)

/vendor/cpio-2.12/src/copyout.c

Vulnerability Details

cpio in all versions before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.

Publish Date: 2020-01-07

URL: CVE-2019-14866

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866

Release Date: 2020-01-10

Fix Resolution: release_2_13

CVE-2023-52160

Vulnerable Libraries - sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9

Vulnerability Details

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

Publish Date: 2024-02-22

URL: CVE-2023-52160

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-52160

Release Date: 2024-02-22

Fix Resolution: 8e6485a1bcb0baffdea9e55255a81270b768439c

CVE-2021-30004

Vulnerable Libraries - sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9

Vulnerability Details

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

Publish Date: 2021-04-02

URL: CVE-2021-30004

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-30004

Release Date: 2021-04-02

Fix Resolution: wpa-supplicant - 2.9

CVE-2023-7207

Vulnerable Library - sulinoswpa_supplicant-2.9

Independent distro uses inary package system. Sulin is rolling donkey

Library home page: https://sourceforge.net/projects/sulinos/

Found in base branch: main

Vulnerable Source Files (1)

/vendor/cpio-2.12/src/copyin.c

Vulnerability Details

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

Publish Date: 2024-02-29

URL: CVE-2023-7207

CVSS 3 Score Details (4.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163

Release Date: 2024-02-29

Fix Resolution: v2.14

mend-for-github-com bot added the "Mend: dependency security vulnerability" label (Security vulnerability detected by Mend) on Nov 16, 2023
mend-for-github-com bot changed the title from "sulinoswpa_supplicant-2.9: 3 vulnerabilities (highest severity is: 9.8)" to "sulinoswpa_supplicant-2.9: 4 vulnerabilities (highest severity is: 9.8)" on Feb 29, 2024
mend-for-github-com bot changed the title from "sulinoswpa_supplicant-2.9: 4 vulnerabilities (highest severity is: 9.8)" to "sulinoswpa_supplicant-2.9: 7 vulnerabilities (highest severity is: 9.8)" on Mar 12, 2024