{"id":"USN-3455-1","summary":"wpa vulnerabilities","details":"Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly\nhandled WPA2. A remote attacker could use this issue with key\nreinstallation attacks to obtain sensitive information. (CVE-2017-13077,\nCVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A remote attacker could use\nthis issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A local attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-4477)\n","modified":"2026-02-10T04:41:13Z","published":"2017-10-16T15:39:35Z","related":["UBUNTU-CVE-2016-4476","UBUNTU-CVE-2016-4477","UBUNTU-CVE-2017-13077","UBUNTU-CVE-2017-13078","UBUNTU-CVE-2017-13079","UBUNTU-CVE-2017-13080","UBUNTU-CVE-2017-13081","UBUNTU-CVE-2017-13082","UBUNTU-CVE-2017-13086","UBUNTU-CVE-2017-13087","UBUNTU-CVE-2017-13088"],"upstream":["CVE-2016-4476","CVE-2016-4477","CVE-2017-13077","CVE-2017-13078","CVE-2017-13079","CVE-2017-13080","CVE-2017-13081","CVE-2017-13082","CVE-2017-13086","CVE-2017-13087","CVE-2017-13088","UBUNTU-CVE-2016-4476","UBUNTU-CVE-2016-4477","UBUNTU-CVE-2017-13077","UBUNTU-CVE-2017-13078","UBUNTU-CVE-2017-13079","UBUNTU-CVE-2017-13080","UBUNTU-CVE-2017-13081","UBUNTU-CVE-2017-13082","UBUNTU-CVE-2017-13086","UBUNTU-CVE-2017-13087","UBUNTU-CVE-2017-13088"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3455-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4476"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4477"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13077"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13078"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13079"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13080"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13081"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13082"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13086"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13087"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13088"}],"affected":[{"package":{"name":"wpa","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/wpa@2.1-0ubuntu1.5?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1-0ubuntu1.5"}]}],"versions":["1.0-3ubuntu2","1.0-3ubuntu3","1.0-3ubuntu4","2.1-0ubuntu1","2.1-0ubuntu1.1","2.1-0ubuntu1.2","2.1-0ubuntu1.3","2.1-0ubuntu1.4"],"ecosystem_specific":{"binaries":[{"binary_name":"hostapd","binary_version":"1:2.1-0ubuntu1.5"},{"binary_name":"wpagui","binary_version":"2.1-0ubuntu1.5"},{"binary_name":"wpasupplicant","binary_version":"2.1-0ubuntu1.5"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3455-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2016-4476","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-4477","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-13077","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13078","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13079","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13080","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13081","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13082","severity":[{"score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13086","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13087","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13088","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}]}}},{"package":{"name":"wpa","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/wpa@2.4-0ubuntu6.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4-0ubuntu6.2"}]}],"versions":["2.4-0ubuntu3","2.4-0ubuntu4","2.4-0ubuntu5","2.4-0ubuntu6"],"ecosystem_specific":{"binaries":[{"binary_name":"hostapd","binary_version":"1:2.4-0ubuntu6.2"},{"binary_name":"wpagui","binary_version":"2.4-0ubuntu6.2"},{"binary_name":"wpasupplicant","binary_version":"2.4-0ubuntu6.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3455-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2016-4476","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2016-4477","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2017-13077","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13078","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13079","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13080","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13081","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13082","severity":[{"score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13086","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13087","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2017-13088","severity":[{"score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.3"}