Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1:2.4-0ubuntu5", "binary_name": "hostapd" }, { "binary_version": "1:2.4-0ubuntu5", "binary_name": "hostapd-dbgsym" }, { "binary_version": "2.4-0ubuntu5", "binary_name": "wpagui" }, { "binary_version": "2.4-0ubuntu5", "binary_name": "wpagui-dbgsym" }, { "binary_version": "2.4-0ubuntu5", "binary_name": "wpasupplicant" }, { "binary_version": "2.4-0ubuntu5", "binary_name": "wpasupplicant-dbgsym" }, { "binary_version": "2.4-0ubuntu5", "binary_name": "wpasupplicant-udeb" }, { "binary_version": "2.4-0ubuntu5", "binary_name": "wpasupplicant-udeb-dbgsym" } ] }