CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
References
Link Resource
http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Feb/26 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/27/2 Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Mailing List Third Party Advisory
https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389 Patch Third Party Advisory
http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Feb/26 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/27/1 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/27/2 Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Mailing List Third Party Advisory
https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:18

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2020/Feb/26 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2020/Feb/26 - Exploit, Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2020/02/27/1 - Exploit, Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2020/02/27/1 - Exploit, Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2020/02/27/2 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2020/02/27/2 - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html - Mailing List, Third Party Advisory
References () https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389 - Patch, Third Party Advisory () https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389 - Patch, Third Party Advisory

01 Jan 2022, 19:31

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html - Mailing List, Third Party Advisory

Information

Published : 2020-02-28 15:15

Updated : 2024-11-21 04:18


NVD link : CVE-2019-10064

Mitre link : CVE-2019-10064

CVE.ORG link : CVE-2019-10064


JSON object : View

Products Affected

debian

  • debian_linux

w1.fi

  • hostapd
CWE
CWE-331

Insufficient Entropy