CVE-2016-4477 Information
Feb 14, 2021
cve
Description
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters which allows local users to trigger arbitrary library loading and consequently gain privileges or cause a denial of service (daemon outage) via a crafted (1) SET (2) SET_CRED or (3) SET_NETWORK command.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://source.android.com/security/bulletin/2016-05-01.html http://www.openwall.com/lists/oss-security/2016/05/03/12 http://www.ubuntu.com/usn/USN-3455-1
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: