CVE-2015-4142
hostapd - security update
EPSS 7.1%
Description
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
How to fix CVE-2015-4142
To remediate CVE-2015-4142, upgrade the affected package to a fixed version below.
- Debian/hostapd: upgrade to 1:0.6.10-2+squeeze2 or later
- Debian/wpa: upgrade to 2.3-2.2 or later
Is CVE-2015-4142 being exploited?
Moderate — EPSS is 7.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/hostapd: from 0, < 1:0.6.10-2+squeeze2
- Debian/wpa: from 0, < 2.3-2.2