Fluid Attacks Database

Description

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	wpa	>=0 <2.3-2.3	2.3-2.3
debian 12	wpa	>=0 <2.3-2.3	2.3-2.3
debian 13	wpa	>=0 <2.3-2.3	2.3-2.3
debian 14	wpa	>=0 <2.3-2.3	2.3-2.3

Aliases

1. CVE-2015-53102. NVD-2015-53103. OSV-DEBIAN-2015-53104. OSV-2015-53105. SECURITY-TRACKER-CVE-2015-5310

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.