UBUNTU-CVE-2015-4146
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 01 Jun 2015, 00:00
Last modified:04 Feb 2026, 04:39
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
01 Jun 2015, 00:00
Published
Vulnerability first disclosed
04 Feb 2026, 04:39
Last Modified
Vulnerability information updated
Description
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.
Affected Systems
- ubuntu•wpa
< 2.1-0ubuntu1.3
References (7)
- https://ubuntu.com/security/CVE-2015-4146
- http://w1.fi/security/2015-4/
- http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
- http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
- http://www.openwall.com/lists/oss-security/2015/05/07/5
- https://ubuntu.com/security/notices/USN-2650-1
- https://www.cve.org/CVERecord?id=CVE-2015-4146