CVE-2015-5316
5.9
MEDIUM
CVSS 3.1
EPSS 1.5%
Description
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
How to fix CVE-2015-5316
To remediate CVE-2015-5316, upgrade the affected package to a fixed version below.
- Debian/wpa—upgrade to 2.3-2.3 or later
Is CVE-2015-5316 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.3-2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |