hostapd and wpa_supplicant security advisories
- 2014-1
- wpa_cli and hostapd_cli action script execution vulnerability
- 2015-1
- wpa_supplicant P2P SSID processing vulnerability
- 2015-2
- WPS UPnP vulnerability with HTTP chunked transfer encoding
- 2015-3
- Integer underflow in AP mode WMM Action frame processing
- 2015-4
- EAP-pwd missing payload length validation
- 2015-5
- Incomplete WPS and P2P NFC NDEF record payload length validation
- 2015-6
- wpa_supplicant unauthorized WNM Sleep Mode GTK control
- 2015-7
- EAP-pwd missing last fragment length validation
- 2015-8
- EAP-pwd peer error path failure on unexpected Confirm message
- 2016-1
- psk configuration parameter update allowing arbitrary data to be written
- 2017-1
- WPA packet number reuse with replayed messages and key reinstallation
- 2018-1
- Unauthenticated EAPOL-Key decryption in wpa_supplicant
- 2019-1
- SAE side-channel attacks
- 2019-2
- EAP-pwd side-channel attack
- 2019-3
- SAE confirm missing state validation
- 2019-4
- EAP-pwd missing commit validation
- 2019-5
- EAP-pwd message reassembly issue with unexpected fragment
- 2019-6
- SAE/EAP-pwd side-channel attack update
- 2019-7
- AP mode PMF disconnection protection bypass
- 2020-1
- UPnP SUBSCRIBE misbehavior in hostapd WPS AP
- 2020-2
- wpa_supplicant P2P group information processing vulnerability
- 2021-1
- wpa_supplicant P2P provision discovery processing vulnerability
- 2022-1
- SAE/EAP-pwd side-channel attack update 2
- 2024-1
- hostapd and RADIUS protocol forgery attacks
- 2024-2
- SAE H2E and incomplete downgrade protection for group negotiation