Buffer overflow in p2p_copy_client_info (CVE-2021-0326)

Jouni Malinen j at w1.fi
Wed Feb 3 18:16:16 EST 2021

On Wed, Feb 03, 2021 at 05:51:02PM +0100, Jonas Witschel wrote:
> according to the recently released Android Security Bulletin—February 2021 [1],
> wpa_supplicant as used by Android is affected by a buffer overflow in
> p2p_copy_client_info. The issue is deemed critical by Google and given the CVE
> identifier CVE-2021-0326, a patch is available at [2].
> However, I could not find this patch in the current master branch of the
> upstream hostapd repository at w1.fi [3]. Should it be applied upstream as
> well?

Yes, it is there now:

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list