CVE-2019-13377

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-13377
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13377.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-13377
Downstream
Related
Published
2019-08-15T17:15:13.410Z
Modified
2026-02-12T00:27:40.701175Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery.

References

Affected packages

Git / git.w1.fi/cgit/hostap

Affected ranges

Type
GIT
Repo
https://git.w1.fi/cgit/hostap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
147bf7b88a9c231322b5b574263071ca6dbb0503
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cd803299ca485eb857e37c88f973fccfbb8600e5

Affected versions

Other
aosp-jb-start
aosp-kk-from-upstream
hostap-1-bp
hostap_0_6_3
hostap_0_6_4
hostap_0_6_5
hostap_0_6_6
hostap_0_6_7
hostap_0_7_0
hostap_0_7_1
hostap_0_7_2
hostap_2_0
hostap_2_1
hostap_2_2
hostap_2_3
hostap_2_4
hostap_2_5
hostap_2_6
hostap_2_7
hostap_2_8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13377.json"

Git / github.com/libarchive/libarchive

Affected ranges

Type
GIT
Repo
https://github.com/libarchive/libarchive
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13377.json"