CVE-2021-27803

NameCVE-2021-27803
DescriptionA vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2581-1, DSA-4898-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wpa (PTS)stretch2:2.4-1+deb9u6vulnerable
stretch (security)2:2.4-1+deb9u9fixed
buster2:2.7+git20190128+0c1e29f-6+deb10u2vulnerable
buster (security)2:2.7+git20190128+0c1e29f-6+deb10u3fixed
bullseye, sid2:2.9.0-21fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wpasourcestretch2:2.4-1+deb9u9DLA-2581-1
wpasourcebuster2:2.7+git20190128+0c1e29f-6+deb10u3DSA-4898-1
wpasource(unstable)2:2.9.0-21

Notes

https://www.openwall.com/lists/oss-security/2021/02/25/3
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch

Search for package or bug name: Reporting problems