CVE-2019-9496

Name
CVE-2019-9496
Description
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://w1.fi/security/2019-3/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
FREEBSD https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
BUGTRAQ https://seclists.org/bugtraq/2019/May/40
MISC http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html
CONFIRM https://www.synology.com/security/advisory/Synology_SA_19_16
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* wpa_supplicant >= None <= 2.7
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* hostapd >= None <= 2.7

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
wpa_supplicant edge-main 2.7-r3 None possibly vulnerable
wpa_supplicant edge-main 2.7-r2 None possibly vulnerable
wpa_supplicant edge-main 2.6-r7 None possibly vulnerable
wpa_supplicant edge-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.22-main 2.7-r3 None possibly vulnerable
wpa_supplicant 3.22-main 2.7-r2 None possibly vulnerable
wpa_supplicant 3.22-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.22-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.21-main 2.7-r3 None possibly vulnerable
wpa_supplicant 3.21-main 2.7-r2 None possibly vulnerable
wpa_supplicant 3.21-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.21-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.20-main 2.7-r3 None possibly vulnerable
wpa_supplicant 3.20-main 2.7-r2 None possibly vulnerable
wpa_supplicant 3.20-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.20-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.19-main 2.7-r3 None possibly vulnerable
wpa_supplicant 3.19-main 2.7-r2 None possibly vulnerable
wpa_supplicant 3.19-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.19-main 2.6-r14 None possibly vulnerable
hostapd edge-main 2.8-r0 None fixed
hostapd edge-main 2.6-r2 None possibly vulnerable
hostapd 3.22-main 2.8-r0 None fixed
hostapd 3.22-main 2.6-r2 None possibly vulnerable
hostapd 3.21-main 2.8-r0 None fixed
hostapd 3.21-main 2.6-r2 None possibly vulnerable
hostapd 3.20-main 2.8-r0 None fixed
hostapd 3.20-main 2.6-r2 None possibly vulnerable
hostapd 3.19-main 2.8-r0 None fixed
hostapd 3.19-main 2.6-r2 None possibly vulnerable
hostapd 3.18-main 2.8-r0 None fixed
hostapd 3.17-main 2.8-r0 None fixed
hostapd 3.12-main 2.8-r0 None fixed
hostapd 3.11-main 2.8-r0 None fixed
hostapd 3.10-main 2.8-r0 None fixed