CVE-2015-8041
EPSS 1.6%
Description
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
How to fix CVE-2015-8041
To remediate CVE-2015-8041, upgrade the affected package to a fixed version below.
- Debian/wpa—upgrade to 2.3-2.2 or later
Is CVE-2015-8041 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.3-2.2