Vulnerability CVE-2019-9496: Information
Description
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| hostapd | sisyphus | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2497-1 | 236307 | Fixed |
| hostapd | p10 | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2497-1 | 236307 | Fixed |
| hostapd | p9 | 2.9-alt2 | 2.9-alt2 | ALT-PU-2020-3139-1 | 260257 | Fixed |
| hostapd | c10f1 | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2497-1 | 236307 | Fixed |
| hostapd | c9f2 | 2.10-alt2 | 2.10-alt2 | ALT-PU-2022-1980-1 | 300918 | Fixed |
| hostapd | p11 | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2497-1 | 236307 | Fixed |
| wpa_supplicant | sisyphus | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2498-1 | 236307 | Fixed |
| wpa_supplicant | p10 | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2498-1 | 236307 | Fixed |
| wpa_supplicant | p9 | 2.9-alt1 | 2.9-alt4 | ALT-PU-2019-2554-1 | 236684 | Fixed |
| wpa_supplicant | c10f1 | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2498-1 | 236307 | Fixed |
| wpa_supplicant | c9f2 | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2554-1 | 236684 | Fixed |
| wpa_supplicant | p11 | 2.9-alt1 | 2.10-alt2 | ALT-PU-2019-2498-1 | 236307 | Fixed |