MGASA-2018-0348

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2018-14526

Published: 19 Aug 2018, 18:36

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Aug 2018, 18:36

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated wpa_supplicant packages fix security vulnerability Updated wpa_supplicant packages fix security vulnerability: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information (CVE-2018-14526).

Affected Systems

mageia•wpa_supplicant
< 2.6-1.2.mga6

References (4)

https://advisories.mageia.org/MGASA-2018-0348.html
https://bugs.mageia.org/show_bug.cgi?id=23412
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PEFP3OPDXRDJ2KHPPUJVDHUNXFNZFN7Q/