Your submission was sent successfully! Close

CVE-2019-10064

Published: 28 February 2020

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(2:2.6-15ubuntu2.5)
eoan Not vulnerable
(2:2.9-1ubuntu2)
focal Not vulnerable
(2:2.9-1ubuntu2)
groovy Not vulnerable
(2:2.9-1ubuntu2)
hirsute Not vulnerable
(2:2.9-1ubuntu2)
impish Not vulnerable
(2:2.9-1ubuntu2)
jammy Not vulnerable
(2:2.9-1ubuntu2)
precise Does not exist

trusty Needed

upstream
Released (2:2.6-7)
xenial Needed

Patches:
upstream: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e
Binaries built from this source package are in Universe and so are supported by the community.