CVE-2019-10064
Published: 28 February 2020
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Priority
Status
Package | Release | Status |
---|---|---|
wpa | bionic | Not vulnerable (2:2.6-15ubuntu2.5) |
wpa | eoan | Not vulnerable (2:2.9-1ubuntu2) |
wpa | focal | Not vulnerable (2:2.9-1ubuntu2) |
wpa | groovy | Not vulnerable (2:2.9-1ubuntu2) |
wpa | hirsute | Not vulnerable (2:2.9-1ubuntu2) |
wpa | impish | Not vulnerable (2:2.9-1ubuntu2) |
wpa | jammy | Not vulnerable (2:2.9-1ubuntu2) |
wpa | kinetic | Not vulnerable (2:2.9-1ubuntu2) |
wpa | lunar | Not vulnerable (2:2.9-1ubuntu2) |
wpa | mantic | Not vulnerable (2:2.9-1ubuntu2) |
wpa | trusty | Needed |
wpa | upstream | Released (2:2.6-7) |
wpa | xenial | Needed |

Patches: upstream: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e

Binaries built from this source package are in Universe and so are supported by the community.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |