CVE-2016-10743

Published: 23 March 2019

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
Upstream
Released (2:2.6-7)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2:2.6-15ubuntu2.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (2.4-0ubuntu6.4)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.1-0ubuntu1.7)
Patches:
Upstream: https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389

Notes

AuthorNote
mdeslaur
low-quality PRNG is only used as a fallback if /dev/urandom
can't be opened

References