Refine your search

2 vulnerabilities found for hostapd by Jouni Malinen

jvndb-2025-000017
Vulnerability from jvndb
Published
2025-03-12 14:19
Modified
2025-03-12 14:19
Severity ?
3.7 (Low) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
hostapd vulnerable to improper processing of RADIUS packets
Details
hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly (CWE-826). KUSABA Takeshi of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000017.html",
  "dc:date": "2025-03-12T14:19+09:00",
  "dcterms:issued": "2025-03-12T14:19+09:00",
  "dcterms:modified": "2025-03-12T14:19+09:00",
  "description": "hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly (CWE-826).\r\n\r\nKUSABA Takeshi of Internet Initiative Japan Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000017.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:jouni_malinen_hostapd",
    "@product": "hostapd",
    "@vendor": "Jouni Malinen",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "3.7",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-000017",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN19358384/index.html",
      "@id": "JVN#19358384",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24912",
      "@id": "CVE-2025-24912",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "hostapd vulnerable to improper processing of RADIUS packets"
}

CVE-2025-24912 (GCVE-0-2025-24912)
Vulnerability from nvd
Published
2025-03-12 04:43
Modified
2025-03-12 13:21
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
  • CWE-826 - Premature Release of Resource During Expected Lifetime
Summary
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
References
Impacted products
Vendor Product Version
Jouni Malinen hostapd Version: 2.11 and earlier
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24912",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T13:21:52.296145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T13:21:59.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hostapd",
          "vendor": "Jouni Malinen",
          "versions": [
            {
              "status": "affected",
              "version": "2.11 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-826",
              "description": "Premature Release of Resource During Expected Lifetime",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T04:43:54.870Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://w1.fi/hostapd/"
        },
        {
          "url": "https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44"
        },
        {
          "url": "https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN19358384/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-24912",
    "datePublished": "2025-03-12T04:43:54.870Z",
    "dateReserved": "2025-01-28T07:05:59.180Z",
    "dateUpdated": "2025-03-12T13:21:59.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}