CVE-2019-13377

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.
Configurations

Configuration 1 (hide)

cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:24

Type Values Removed Values Added
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IELLEPIXWQOJFW4SZMU3WQHO63JFAHA4/ -
References () https://seclists.org/bugtraq/2019/Sep/56 - Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2019/Sep/56 - Mailing List, Third Party Advisory
References () https://usn.ubuntu.com/4098-1/ - Third Party Advisory () https://usn.ubuntu.com/4098-1/ - Third Party Advisory
References () https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503 - Mailing List, Patch, Vendor Advisory () https://w1.fi/cgit/hostap/commit/?id=147bf7b88a9c231322b5b574263071ca6dbb0503 - Mailing List, Patch, Vendor Advisory
References () https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5 - Mailing List, Patch, Vendor Advisory () https://w1.fi/cgit/hostap/commit/?id=cd803299ca485eb857e37c88f973fccfbb8600e5 - Mailing List, Patch, Vendor Advisory
References () https://www.debian.org/security/2019/dsa-4538 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4538 - Third Party Advisory

18 Apr 2022, 16:10

Type Values Removed Values Added
References (BUGTRAQ) https://seclists.org/bugtraq/2019/Sep/56 - (BUGTRAQ) https://seclists.org/bugtraq/2019/Sep/56 - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2019/dsa-4538 - (DEBIAN) https://www.debian.org/security/2019/dsa-4538 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CWE CWE-200 CWE-203

Information

Published : 2019-08-15 17:15

Updated : 2024-11-21 04:24


NVD link : CVE-2019-13377

Mitre link : CVE-2019-13377

CVE.ORG link : CVE-2019-13377


JSON object : View

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

fedoraproject

  • fedora

w1.fi

  • hostapd
CWE
CWE-203

Observable Discrepancy