CVE-2015-8041

Name	CVE-2015-8041
Description	Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-3397-1
Debian Bugs	795740

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
wpa (PTS)	jessie, jessie (lts)	2.3-1+deb8u15	fixed
	stretch (security)	2:2.4-1+deb9u9	fixed
	stretch (lts), stretch	2:2.4-1+deb9u11	fixed
	buster, buster (lts)	2:2.7+git20190128+0c1e29f-6+deb10u5	fixed
	buster (security)	2:2.7+git20190128+0c1e29f-6+deb10u4	fixed
	bullseye (security), bullseye	2:2.9.0-21+deb11u2	fixed
	bookworm (security), bookworm	2:2.10-12+deb12u2	fixed
	sid, trixie	2:2.10-22	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
hostapd	source	squeeze	(not affected)
hostapd	source	(unstable)	(unfixed)
wpa	source	wheezy	1.0-3+deb7u3	DSA-3397-1
wpa	source	jessie	2.3-1+deb8u3	DSA-3397-1
wpa	source	(unstable)	2.3-2.2		795740
wpasupplicant	source	squeeze	(not affected)
wpasupplicant	source	(unstable)	(unfixed)

Notes

[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
[squeeze] - hostapd <not-affected> (v0.7.0-v2.4 with CONFIG_WPS_NFC=y)
https://www.openwall.com/lists/oss-security/2015/07/08/3
http://w1.fi/security/2015-5/