Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wpa_supplicant | W1.fi | * | 2.4 (including) |