CVE-2021-30004

NameCVE-2021-30004
DescriptionIn wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wpa (PTS)bullseye (security), bullseye2:2.9.0-21+deb11u2vulnerable
bookworm, bookworm (security)2:2.10-12+deb12u2vulnerable
sid, trixie2:2.10-22vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wpasource(unstable)(unfixed)unimportant

Notes

https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal)
but Debian builds with CONFIG_TLS=openssl

Search for package or bug name: Reporting problems