Your submission was sent successfully! Close

CVE-2019-13377

Published: 8 August 2019

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
bionic
Released (2:2.6-15ubuntu2.4)
disco
Released (2:2.6-21ubuntu3.2)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)