Vulnerability CVE-2019-16275: Information

Description

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Sept. 12, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-346

Fixed packages

Package name    Branch            Fixed in version  Version from repository  Errata ID           Task #  State
hostapd         sisyphus          2.9-alt2          2.10-alt2                ALT-PU-2020-3113-1  260254  Fixed
hostapd         sisyphus_e2k      2.10-alt1         2.10-alt2                ALT-PU-2022-3875-1  -       Fixed
hostapd         p10               2.10-alt2         2.10-alt2                ALT-PU-2022-2423-1  305001  Fixed
hostapd         p10_e2k           2.10-alt2         2.10-alt2                ALT-PU-2022-5746-1  -       Fixed
hostapd         p9                2.9-alt2          2.9-alt2                 ALT-PU-2020-3139-1  260257  Fixed
hostapd         c10f1             2.10-alt2         2.10-alt2                ALT-PU-2022-2423-1  305001  Fixed
hostapd         c9f2              2.10-alt2         2.10-alt2                ALT-PU-2022-1980-1  300918  Fixed
wpa_supplicant  sisyphus          2.9-alt3          2.10-alt2                ALT-PU-2020-3112-1  260254  Fixed
wpa_supplicant  sisyphus_e2k      2.10-alt1         2.10-alt2                ALT-PU-2022-3876-1  -       Fixed
wpa_supplicant  sisyphus_riscv64  2.10-alt1         2.10-alt2                ALT-PU-2022-3883-1  -       Fixed
wpa_supplicant  p10               2.10-alt2         2.10-alt2                ALT-PU-2022-1927-1  300113  Fixed
wpa_supplicant  p10_e2k           2.10-alt2         2.10-alt2                ALT-PU-2022-5044-1  -       Fixed
wpa_supplicant  p9                2.9-alt3          2.9-alt4                 ALT-PU-2020-3138-1  260257  Fixed
wpa_supplicant  c10f1             2.10-alt2         2.10-alt2                ALT-PU-2022-1927-1  300113  Fixed
wpa_supplicant  c9f2              2.10-alt2         2.10-alt2                ALT-PU-2023-1833-1  321127  Fixed

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*
      End including: 2.9

      cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
      End including: 2.9

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*