DEBIAN-CVE-2019-9494

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2019-9494
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-9494.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2019-9494
Upstream
Published
2019-04-17T14:29:03Z
Modified
2025-09-19T06:05:42Z
Summary
[none]
Details

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpasupplicant with SAE support prior to and including version 2.7 are affected.

References

Affected packages

Debian:11 / wpa

Package

Name
wpa
Purl
pkg:deb/debian/wpa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.7+git20190128+0c1e29f-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / wpa

Package

Name
wpa
Purl
pkg:deb/debian/wpa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.7+git20190128+0c1e29f-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / wpa

Package

Name
wpa
Purl
pkg:deb/debian/wpa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.7+git20190128+0c1e29f-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / wpa

Package

Name
wpa
Purl
pkg:deb/debian/wpa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:2.7+git20190128+0c1e29f-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}