UBUNTU-CVE-2015-4144
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 01 Jun 2015, 00:00
Last modified:04 Feb 2026, 03:34
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
01 Jun 2015, 00:00
Published
Vulnerability first disclosed
04 Feb 2026, 03:34
Last Modified
Vulnerability information updated
Description
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Affected Systems
- ubuntu•wpa
< 2.1-0ubuntu1.3
References (8)
- https://ubuntu.com/security/CVE-2015-4144
- http://w1.fi/security/2015-4/
- http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
- http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
- http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
- http://www.openwall.com/lists/oss-security/2015/05/07/5
- https://ubuntu.com/security/notices/USN-2650-1
- https://www.cve.org/CVERecord?id=CVE-2015-4144