CVE-2019-10064
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-10064
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10064.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-10064
- Related
- Published
- 2020-02-28T15:15:11Z
- Modified
- 2025-02-18T02:06:31.287088Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
- References
-
- http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
- http://seclists.org/fulldisclosure/2020/Feb/26
- http://www.openwall.com/lists/oss-security/2020/02/27/1
- http://www.openwall.com/lists/oss-security/2020/02/27/2
- https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html
- https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
- https://security-tracker.debian.org/tracker/CVE-2019-10064
Affected packages
Debian:11 / wpa
Package
- Name
- wpa
- Purl
- pkg:deb/debian/wpa?arch=source
Debian:12 / wpa
Package
- Name
- wpa
- Purl
- pkg:deb/debian/wpa?arch=source
Debian:13 / wpa
Package
- Name
- wpa
- Purl
- pkg:deb/debian/wpa?arch=source