CVE-2021-27803 | Vulnerability Database | Aqua Security

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

Affected Software

Name	Vendor	Start Version	End Version
Wpa_supplicant	W1.fi	1.0 (including)	2.10 (excluding)
Wpa	Ubuntu	bionic	*
Wpa	Ubuntu	devel	*
Wpa	Ubuntu	focal	*
Wpa	Ubuntu	groovy	*
Wpa	Ubuntu	trusty	*
Wpa	Ubuntu	trusty/esm	*
Wpa	Ubuntu	upstream	*
Wpa	Ubuntu	xenial	*
Red Hat Enterprise Linux 7	RedHat	wpa_supplicant-1:2.6-12.el7_9.2	*
Red Hat Enterprise Linux 8	RedHat	wpa_supplicant-1:2.9-2.el8_3.1	*
Red Hat Enterprise Linux 8.1 Extended Update Support	RedHat	wpa_supplicant-1:2.7-2.el8_1.1	*
Red Hat Enterprise Linux 8.2 Extended Update Support	RedHat	wpa_supplicant-1:2.9-2.el8_2.1	*

References

http://www.openwall.com/lists/oss-security/2021/02/27/1
https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
https://www.debian.org/security/2021/dsa-4898
https://www.openwall.com/lists/oss-security/2021/02/25/3

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-27803
CWE	https://cwe.mitre.org/data/definitions/.html