hostapd and wpa_supplicant security advisories

2014-1
wpa_cli and hostapd_cli action script execution vulnerability
2015-1
wpa_supplicant P2P SSID processing vulnerability
2015-2
WPS UPnP vulnerability with HTTP chunked transfer encoding
2015-3
Integer underflow in AP mode WMM Action frame processing
2015-4
EAP-pwd missing payload length validation
2015-5
Incomplete WPS and P2P NFC NDEF record payload length validation
2015-6
wpa_supplicant unauthorized WNM Sleep Mode GTK control
2015-7
EAP-pwd missing last fragment length validation
2015-8
EAP-pwd peer error path failure on unexpected Confirm message
2016-1
psk configuration parameter update allowing arbitrary data to be written
2017-1
WPA packet number reuse with replayed messages and key reinstallation
2018-1
Unauthenticated EAPOL-Key decryption in wpa_supplicant
2019-1
SAE side-channel attacks
2019-2
EAP-pwd side-channel attack
2019-3
SAE confirm missing state validation
2019-4
EAP-pwd missing commit validation
2019-5
EAP-pwd message reassembly issue with unexpected fragment
2019-6
SAE/EAP-pwd side-channel attack update
2019-7
AP mode PMF disconnection protection bypass
2020-1
UPnP SUBSCRIBE misbehavior in hostapd WPS AP
2020-2
wpa_supplicant P2P group information processing vulnerability
2021-1
wpa_supplicant P2P provision discovery processing vulnerability
2022-1
SAE/EAP-pwd side-channel attack update 2

Jouni Malinen