CVE-2019-9496

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Published: 2019-04-17 14:29
Updated: 2019-05-15 22:29

CVSS Score: 5.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| W1.fi | Hostapd | 2.7 | cpe:/a:w1.fi:hostapd:2.7 |
| W1.fi | Wpa Supplicant | 2.7 | cpe:/a:w1.fi:wpa_supplicant:2.7 |
| Fedoraproject | Fedora | 28 | cpe:/o:fedoraproject:fedora:28 |
| Fedoraproject | Fedora | 29 | cpe:/o:fedoraproject:fedora:29 |
| Fedoraproject | Fedora | 30 | cpe:/o:fedoraproject:fedora:30 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-287 | Improper Authentication | When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. |

History of changes

Date Event
2019-05-15 22:29
2019-05-15 17:29
2019-05-15 12:29
2019-05-15 02:29
2019-05-10 20:04
2019-04-28 00:29
2019-04-23 22:29
2019-04-18 13:32
2019-04-17 14:29 New CVE