CVE-2019-10064
Published: 28 February 2020
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
wpa Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(2:2.6-15ubuntu2.5)
|
| eoan |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| focal |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| groovy |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| hirsute |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| impish |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| jammy |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| kinetic |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| lunar |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| mantic |
Not vulnerable
(2:2.9-1ubuntu2)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(2:2.6-7)
|
|
| xenial |
Needed
|
|
|
Patches: upstream: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |