CVE-2019-9498

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-9498
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9498.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-9498
Related
Published
2019-04-17T14:29:04Z
Modified
2024-09-11T04:31:41.459388Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpasupplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpasupplicant with EAP-pwd support prior to and including version 2.7 are affected.

References

Affected packages

Alpine:v3.10 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.11 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.12 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.13 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.14 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.15 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.16 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.17 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.18 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.19 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.20 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Alpine:v3.9 / wpa_supplicant

Package

Name
wpa_supplicant
Purl
pkg:apk/alpine/wpa_supplicant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-r2

Affected versions

0.*

0.5.11-r0
0.6.9-r0
0.6.9-r1
0.6.10-r0
0.7.1-r0
0.7.1-r1
0.7.1-r2
0.7.2-r0
0.7.2-r1
0.7.2-r2
0.7.3-r0
0.7.3-r1
0.7.3-r2

1.*

1.0-r0
1.0-r1
1.0-r2
1.1-r0
1.1-r1

2.*

2.0-r0
2.0-r1
2.0-r2
2.0-r3
2.1-r0
2.1-r1
2.1-r2
2.2-r0
2.3-r0
2.3-r1
2.4-r0
2.4-r1
2.4-r2
2.4-r3
2.4-r4
2.4-r5
2.4-r6
2.4-r7
2.4-r8
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.6-r2
2.6-r3
2.6-r4
2.6-r5
2.6-r6
2.6-r7
2.6-r8
2.6-r9
2.6-r10
2.6-r11
2.6-r12
2.6-r13
2.6-r14
2.6-r15
2.7-r0
2.7-r1

Debian:11 / wpa

Package

Name
wpa
Purl
pkg:deb/debian/wpa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.7+git20190128+0c1e29f-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / wpa

Package

Name
wpa
Purl
pkg:deb/debian/wpa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.7+git20190128+0c1e29f-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wpa

Package

Name
wpa
Purl
pkg:deb/debian/wpa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.7+git20190128+0c1e29f-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}