CVE-2019-9496

Name
CVE-2019-9496
Description
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
NVD Severity
medium

References

Type URI
Patch https://w1.fi/security/2019-3/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
FREEBSD https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
BUGTRAQ https://seclists.org/bugtraq/2019/May/40
MISC http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
CONFIRM https://www.synology.com/security/advisory/Synology_SA_19_16
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* wpa_supplicant >= None <= 2.7
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* hostapd >= None <= 2.7

Vulnerable and fixed packages

Source package Branch Version Maintainer Status