Fluid Attacks Database

Description

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	wpa	>=0 <2.3-1	2.3-1
debian 13	wpa	>=0 <2.3-1	2.3-1
debian 12	wpa	>=0 <2.3-1	2.3-1
debian 14	wpa	>=0 <2.3-1	2.3-1
rpm rhel7	wpa_supplicant	<1:2.0-13.el7_0	1:2.0-13.el7_0

Aliases

1. CVE-2014-36862. NVD-2014-36863. OSV-DEBIAN-2014-36864. OSV-2014-36865. SECURITY-TRACKER-CVE-2014-3686

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.