Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Published

2020-02-28T15:15:11.993

Last Modified

2024-11-21T04:18:19.300

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-331

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	w1.fi	hostapd	< 2.6	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes

References

http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2020/Feb/26 Exploit, Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit, Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit, Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2020/02/27/2 Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Mailing List, Third Party Advisory ([email protected])
https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389 Patch, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Feb/26 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/02/27/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)