CVE-2019-9499

Name
CVE-2019-9499
Description
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://w1.fi/security/2019-4/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
Mailing List https://seclists.org/bugtraq/2019/May/40
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_16
Mailing List https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* wpa_supplicant >= None <= 2.4
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* hostapd >= 2.5 <= 2.7
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* wpa_supplicant >= 2.5 <= 2.7
cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:* hostapd >= None <= 2.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
wpa_supplicant edge-main 2.7-r3 None fixed
wpa_supplicant edge-main 2.7-r2 None fixed
wpa_supplicant edge-main 2.6-r14 None possibly vulnerable
wpa_supplicant edge-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.22-main 2.7-r3 None fixed
wpa_supplicant 3.22-main 2.7-r2 None fixed
wpa_supplicant 3.22-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.22-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.21-main 2.7-r3 None fixed
wpa_supplicant 3.21-main 2.7-r2 None fixed
wpa_supplicant 3.21-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.21-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.20-main 2.7-r3 None fixed
wpa_supplicant 3.20-main 2.7-r2 None fixed
wpa_supplicant 3.20-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.20-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.19-main 2.7-r3 None fixed
wpa_supplicant 3.19-main 2.7-r2 None fixed
wpa_supplicant 3.19-main 2.6-r14 None possibly vulnerable
wpa_supplicant 3.19-main 2.6-r7 None possibly vulnerable
wpa_supplicant 3.18-main 2.7-r2 None fixed
wpa_supplicant 3.17-main 2.7-r2 None fixed
wpa_supplicant 3.12-main 2.7-r2 None fixed
wpa_supplicant 3.11-main 2.7-r2 None fixed
wpa_supplicant 3.10-main 2.7-r2 None fixed
hostapd edge-main 2.6-r2 None possibly vulnerable
hostapd 3.22-main 2.6-r2 None possibly vulnerable
hostapd 3.21-main 2.6-r2 None possibly vulnerable
hostapd 3.20-main 2.6-r2 None possibly vulnerable
hostapd 3.19-main 2.6-r2 None possibly vulnerable