CVE-2015-4141
wpa - security update
EPSS 1.5%
Description
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
How to fix CVE-2015-4141
To remediate CVE-2015-4141, upgrade the affected package to a fixed version below.
- Debian/wpa—upgrade to 2.3-2.2 or later
- Debian/wpa—upgrade to 1.0-3+deb7u3 or later
Is CVE-2015-4141 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.3-2.2
- from 0, < 1.0-3+deb7u3