7.5

CVE-2021-27803

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
W1.FiWpa Supplicant Version >= 1.0 < 2.10
FedoraprojectFedora Version32
FedoraprojectFedora Version33
FedoraprojectFedora Version34
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.23% 0.649
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.4 5.5 6.4
AV:A/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.debian.org/security/2021/dsa-4898
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/02/27/1
Third Party Advisory
Mailing List
Mitigation
https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
Patch
Vendor Advisory
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
Vendor Advisory
Mitigation
https://www.openwall.com/lists/oss-security/2021/02/25/3
Third Party Advisory
Mailing List
Mitigation