CVE-2019-10064
- Source
- https://cve.org/CVERecord?id=CVE-2019-10064
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10064.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-10064
- Downstream
- Published
- 2020-02-28T15:15:11.993Z
- Modified
- 2026-02-10T16:33:01.853324Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
- References
-
- http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
- http://seclists.org/fulldisclosure/2020/Feb/26
- http://www.openwall.com/lists/oss-security/2020/02/27/1
- http://www.openwall.com/lists/oss-security/2020/02/27/2
- https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html
- https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
- https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
- http://seclists.org/fulldisclosure/2020/Feb/26
- http://www.openwall.com/lists/oss-security/2020/02/27/1
- http://www.openwall.com/lists/oss-security/2020/02/27/2
- https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html
- http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
- http://seclists.org/fulldisclosure/2020/Feb/26
- http://www.openwall.com/lists/oss-security/2020/02/27/1
Affected packages
Git / git.w1.fi/cgit/hostap
Affected ranges
- Type
- GIT
- Repo
- https://git.w1.fi/cgit/hostap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed98a516eae8260e6fd5c48ddecf8d006285da7389