mend-for-github-combot changed the title from "sulinoswpa_supplicant-2.9: 3 vulnerabilities (highest severity is: 9.8)" to "sulinoswpa_supplicant-2.9: 4 vulnerabilities (highest severity is: 9.8)" on Feb 29, 2024
mend-for-github-combot changed the title from "sulinoswpa_supplicant-2.9: 4 vulnerabilities (highest severity is: 9.8)" to "sulinoswpa_supplicant-2.9: 7 vulnerabilities (highest severity is: 9.8)" on Mar 12, 2024
Vulnerable Library - sulinoswpa_supplicant-2.9
Independent distro uses inary package system. Sulin is rolling donkey
Library home page: https://sourceforge.net/projects/sulinos/
Vulnerable Source Files (1)
/vendor/hostapd-2.9/src/p2p/p2p_pd.c
Vulnerabilities
In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.
Details
CVE-2021-0516
Vulnerable Library - sulinoswpa_supplicant-2.9
Independent distro uses inary package system. Sulin is rolling donkey
Library home page: https://sourceforge.net/projects/sulinos/
Found in base branch: main
Vulnerable Source Files (1)
/vendor/hostapd-2.9/src/p2p/p2p_pd.c
Vulnerability Details
In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-181660448
Publish Date: 2021-06-21
URL: CVE-2021-0516
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://source.android.com/security/bulletin/2021-06-01
Release Date: 2021-06-21
Fix Resolution: android-11.0.0_r38
CVE-2021-38185
Vulnerable Libraries - sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9
Vulnerability Details
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
Publish Date: 2021-08-08
URL: CVE-2021-38185
CVSS 3 Score Details (7.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-38185
Release Date: 2021-08-08
Fix Resolution: cpio - 2.13+dfsg-5
CVE-2021-27803
Vulnerable Library - sulinoswpa_supplicant-2.9
Independent distro uses inary package system. Sulin is rolling donkey
Library home page: https://sourceforge.net/projects/sulinos/
Found in base branch: main
Vulnerable Source Files (1)
/vendor/hostapd-2.9/src/p2p/p2p_pd.c
Vulnerability Details
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
Publish Date: 2021-02-26
URL: CVE-2021-27803
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-27803
Release Date: 2021-02-26
Fix Resolution: wpa_supplicant - 2.6-12,2.9-2,2.7-2,2.9-2,2.9-2,2.9-2,2.9-2,2.6-12,2.7-2,2.9-2,2.7-2,2.9-2,2.6-12,2.9-2,2.9-2,2.7-2,2.6-12,2.9-2,2.7-2;wpa_supplicant-debugsource - 2.7-2,2.9-2,2.9-2;wpa_supplicant-debuginfo - 2.9-2,2.9-2,2.6-12,2.7-2
CVE-2019-14866
Vulnerable Library - sulinoswpa_supplicant-2.9
Independent distro uses inary package system. Sulin is rolling donkey
Library home page: https://sourceforge.net/projects/sulinos/
Found in base branch: main
Vulnerable Source Files (1)
/vendor/cpio-2.12/src/copyout.c
Vulnerability Details
cpio, in all versions before 2.13, does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.
Publish Date: 2020-01-07
URL: CVE-2019-14866
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866
Release Date: 2020-01-10
Fix Resolution: release_2_13
CVE-2023-52160
Vulnerable Libraries - sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9
Vulnerability Details
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Publish Date: 2024-02-22
URL: CVE-2023-52160
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-52160
Release Date: 2024-02-22
Fix Resolution: 8e6485a1bcb0baffdea9e55255a81270b768439c
CVE-2021-30004
Vulnerable Libraries - sulinoswpa_supplicant-2.9, sulinoswpa_supplicant-2.9
Vulnerability Details
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
Publish Date: 2021-04-02
URL: CVE-2021-30004
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-30004
Release Date: 2021-04-02
Fix Resolution: wpa-supplicant - 2.9
CVE-2023-7207
Vulnerable Library - sulinoswpa_supplicant-2.9
Independent distro uses inary package system. Sulin is rolling donkey
Library home page: https://sourceforge.net/projects/sulinos/
Found in base branch: main
Vulnerable Source Files (1)
/vendor/cpio-2.12/src/copyin.c
Vulnerability Details
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
Publish Date: 2024-02-29
URL: CVE-2023-7207
CVSS 3 Score Details (4.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163
Release Date: 2024-02-29
Fix Resolution: v2.14