Total vulnerabilities in the database
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
Software | From | Fixed in |
---|---|---|
google / android | 5.0.2 | 5.0.2.x |
google / android | 6.0.1 | 6.0.1.x |
google / android | 6.0 | 6.0.x |
google / android | 4.4.4 | 4.4.4.x |
google / android | 5.1.1 | 5.1.1.x |