Buffer overflow in p2p_copy_client_info (CVE-2021-0326)
Jonas Witschel
diabonas at archlinux.org
Wed Feb 3 11:51:02 EST 2021
Hi,
according to the recently released Android Security Bulletin—February 2021 [1],
wpa_supplicant as used by Android is affected by a buffer overflow in
p2p_copy_client_info. The issue is deemed critical by Google and given the CVE
identifier CVE-2021-0326, a patch is available at [2].
However, I could not find this patch in the current master branch of the
upstream hostapd repository at w1.fi [3]. Should it be applied upstream as
well?
Best regards,
Jonas
[1] https://source.android.com/security/bulletin/2021-02-01
[2] https://android.googlesource.com/platform/external/wpa_supplicant_8/+/0b60cb210510c68871c8d735285bc4915de3bd80%5E!
[3] https://w1.fi/cgit/hostap/tree/src/p2p/p2p.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20210203/7ba20368/attachment.sig>
More information about the Hostap
mailing list