{"id":"MGASA-2021-0075","summary":"Updated wpa_supplicant packages fix a security vulnerability","details":"A vulnerability was discovered in how wpa_supplicant processing P2P\n(Wi-Fi Direct) group information from active group owners. The actual\nparsing of that information validates field lengths appropriately, but\nprocessing of the parsed information misses a length check when storing\na copy of the secondary device types. This can result in writing\nattacker controlled data into the peer entry after the area assigned for\nthe secondary device type. The overflow can result in corrupting\npointers for heap allocations. This can result in an attacker within\nradio range of the device running P2P discovery being able to cause\nunexpected behavior, including termination of the wpa_supplicant process\nand potentially arbitrary code execution.\n\nAn attacker (or a system controlled by the attacker) needs to be within\nradio range of the vulnerable system to send a suitably constructed\nmanagement frame that triggers a P2P peer device information to be\ncreated or updated. (CVE-2021-0326).\n","modified":"2026-04-16T00:09:47.862515747Z","published":"2021-02-08T17:58:05Z","upstream":["CVE-2021-0326"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0075.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28291"},{"type":"WEB","url":"https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt"}],"affected":[{"package":{"name":"wpa_supplicant","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/wpa_supplicant?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9-1.3.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0075.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}